OAuth for AtomPub in Roller

powered by Roller badge

Over the past month or so I've been adding OAuth support to just about every open source project that I can commit to. I added OAuth support to Roller so that you can now use OAuth to protect Roller's AtomPub server and other things. I also added OAuth support to ROME Propono's AtomPub client so you can now use Propono to post to Roller (more about that later). Here's a quick overview of how OAuth in Roller works.

NOTE that this post applies to Roller 5.0, which has not yet been officially released.

Setting up OAuth for AtomPub in Roller

If you want to use OAuth with AtomPub on your Roller site, go to the Server Admin page and find the Web Services section, enable AtomPub and specify 'oauth' as the authentication mechanism, like so:

OAuth config in Roller 5.0-dev

Getting your OAuth key, secret and URLs

Once you've done the setup, you'll find an OAuth Credentials link on the Roller Main Menu page, which will lead you a page like the one below showing your OAuth consumer key & secret and, if you are a site admin user, the site-wide key & secret. Currently, there's only one set of site-wide credentials; I plan to fix that.

OAuth keys page in Roller 5.0-dev

Of course, those aren't my real keys. You'll want to keep your OAuth keys secret as they can enable anybody to access your Roller account via AtomPub.

Want to try it yourself?

I mentioned that Roller 5.0 has not yet been released and that's true. There's still a lot of work to be done on 5.0, but that doesn't mean you can't get your hands on the code and binaries now. To make it easy, I've made an unofficial snapshot version of Roller 5.0-dev available for testing purposes only. It's what I'm running on my site. You can get it here in two flavors:

apache-roller-5.0-dev-20090321-SNAPSHPOT.tar.gz (31 mb)

apache-roller-5.0-dev-20090321-SNAPSHPOT.zip (31 mb)

The instructions in the old Roller 4.0 installation guide should work fine, so follow them to install and configure the 5.0-dev SNAPSHOT. Please send questions and feedback to either the Roller dev mail list and I'll do my best to respond there.

You'll also need an OAuth capable AtomPub client. More on that topic tomorrow...

Sidebar: What is OAuth and why should you care?

OAuth logo

I'm going to be following up my OAuth everywhere! post, with several more OAuth related posts this week. So, just in case you are wondering "why is Dave going off on this cockamamie OAuth tangent?", I'll take some time now to explain a little about OAuth to help you understand.

OAuth is a emerging protocol that one web site can use to access your data on another website without asking you to reveal your username and password. For example, when the sinister BuddyNet9000(TM) Social Network site wants to access your GMail account so it can spam your "friends" on your behalf, you can use OAuth to give it access without telling it your username and password. Why risk your GMail security when all you want to do is spam some people? There are less snarky examples, but that one makes the point well, I think.

There's a good end-user oriented introduction on OAuth.net titled Beginner's Guide to OAuth: Protocol Workflow. OAuth is not that widely deployed yet, and is not perfect, but it is emerging and going the IETF standards route.

I'm interested in OAuth because it's part of the OpenSocial spec, used to authorize access to the OpenSocial REST API and to enable OpenSocial Gadgets to call out to OAuth protected resources. Also, because it's used to protect AtomPub-based services, including the Google Data APIs. I needed to learn about it for my Roller and SocialSite work and if you're going to be doing much OpenSocial work, you'll need to learn about it too.

ApacheCon EU 2009!

View of art center (foreground) and Movenpick Hotel

I'm off to ApacheCon EU 2009> tomorrow in Amsterdam to speak on the topic of Shindig for Blogs and Wikis. I'm really looking forward to catching up with my Apache friends and colleagues. That's the conference venue in the photo on the right, the Movenpick hotel (in the background behind the music hall).

I'm staying a couple of extra days, so I hope to have time for bicycling around the city as I've done in the past (see also: Flickr photo sets for 2007 and 2008). Unfortunately, the weather forecast stinks. There's a 60% chance of rain every day that I'm in town. Oh well; guess I'll have plenty of time for blogging.

Speaking of blogging.This week, I'll be posting some blog entries to highlight the work that I've done in preparation for my talk. Here's what I plan to cover:

* Monday: OAuth for AtomPub in Roller
* Tuesday: OAuth for ROME Propono
* Wednesday: SocialSite on rollerweblogger.org
* Thursday: OAuth everywhere (continued)
* Friday: the future of Project SocialSite

If you plan to attend my talk, at 4:30PM on Friday March 27, then you should follow along. Pay special attention to the SocialSite on rollerweblogger.org and OAuth everywhere (continued) posts, which will include detailed background info. I'm looking forward to seeing you there.

Latest Links - Roller, SocialSite, etc.

Latest Links: Sun and clouds

Slides for my COMP 380 talk: Social Software at work

I was invited to talk to the class COMP 380: Computers and Society at the University of North Carolina on the topic of Social Software at work, so I spent some time working up a presentation and set of slides. I gave the talk last night to three sections of the class and it seemed to go over pretty well. There was some booing at the start when I mentioned my alma mater N.C. State, but nobody threw anything and I think I put only one student to sleep. I definitely enjoyed the experience.

For the benefit of the class and anybody else who is interested, I just uploaded my slides to Slideshare. You can find them here: Social Software at work.

Latest Links #42

Joining IBM

If you've been following my tweets you know that I accepted a new job yesterday. What I didn't reveal was my new employer. Before the end of this month I'll be joining IBM/Rational and working as a Web 2.0 Architect. I'm not sure how much I can say about what I'll be working on, so I won't be blogging too much about work until I figure that out. I think I can safely say this: I'm thrilled about this new job and the folks that I'll be working with. In the near term, it looks like my workmates will be @pmuellr and @BillHiggins and I'll be learning a lot about Jazz.

View Larger Map

I feel very fortunate to have found such an excellent position a fairly tough job market and I'm more than ready to start working on new things. Thanks to everybody who helped out by recommending me, blogging about me, offering encouragement and taking the time to interview with me.

OAuth everywhere!

For my ApacheCon EU talk, which is now just a couple of weeks away, I'm going to talk about Shindig for Blogs and Wikis. I promised to show social features and OpenSocial Gadgets running inside Apache Roller and Apache JSPWiki (incubating). This post explains, at a very high level, how I got a Roller Gadget working, one that uses OAuth to call Roller and enables Roller to use OAuth to call back to the social network. It assumes you have a basic understanding of OpenSocial and OAuth.[Read More]

Latest Links: Sunday Feb. 22, 2009

RSS and Atom part of the stimulus plan

Aaron Swartz: As chaunceyt pointed out, the new stimulus bill's implementation instructions require that each government agency report the money it gives out in RSS:

For each of the near term reporting requirements (major communications, formula block grant allocations, weekly reports) agencies are required to provide a feed (preferred: Atom 1.0, acceptable: RSS) of the information so that content can be delivered via subscription.

Pretty amazing to see a government so tech-savvy.

Uncle Sam should contact Manning, who, I'm pretty sure, has stacks of RSS and Atom In Action available for a very good price.

Save the date: BarCamp RDU 2009

barcamp rdu banner

We've got a date and a venue for BarCamp RDU 2009, so mark your calendars:

BarCamp RDU 2009 - August 8 at Red Hat headquarters in Raleigh, NC

More information and registration coming soon...

Media Blogging for Roller

For the past five months I've had the pleasure of mentoring two San Jose State Univ. graduate students, Ganesh Mathrubootham and Tanuja Varkanthe, who are working on a project for classes CMP 295A and B. They picked one of the projects that I first proposed for Google Summer of Code and then for Glassfish's student outreach program, Media Blogging for Apache Roller. It's turned out to be a major project and the central new feature in the upcoming Roller 5.0 release. [Read More]

G Friend Connect

Friend Connect Logo

I started a new blog on this site to explore what's possible with Google Friend Connect (GFC). It's called the G Friend Connect blog. I've added the GFC Members Gadget and I replaced Roller's built-in comment macro with the GFC Wall Gadget. In theory, if you have a Google, Yahoo or Open ID account, you should be able to login via a gadget, make friends with other site members and leave comments. If you have a minute or two, try it out. Join the site and leave a comment. That will give me (and you) a better idea of how things work.

So far I'm not particularly impressed with the Wall Gadget as a comments replacement. Here is an example. It doesn't support rich-text editing, no HTML is allowed, the comment area is too small and there's no preview button. Maybe that's why it's called a Wall Gadget rather than a Comments Gadget. Or maybe I'm just not doing it right.

19th International WWW Conference - Raleigh, NC

NCSU and IW3C2 Sign Agreement: It’s official! North Carolina State University and the International World Wide Web Steering Committee (IW3C2) based in Geneva, Switzerland, have reached agreement to host the 19th International World Wide Web Conference (WWW2010) at the new Raleigh Convention Center on April 26-30, 2010. The general conference chairs are Michael Rappa, director of the Institute for Advanced Analytics at North Carolina State University, and Paul Jones, director of iBiblio.org at the University of North Carolina–Chapel Hill.
Awesome news, but slightly old. I didn't learn about it until I got the WWW 2010 Facebook Group invite from @smalljones himself.

Welcome Ganesh!

From the Roller project blog:

Ganesh Mathrubootham has been doing great work on the Media Blogging for Roller project and helping out in other ways in Roller development and support. So in January we nominated and voted him in as Roller's newest committer. Welcome Ganesh, we're very happy to have you on the team.

I've really enjoyed working with Ganesh and his project partner Tanuja over the past six months, so this is great news. I'll tell you a bit more about the Media Blogging for Roller project in one of my next blog posts.

Science for the Curious Photographer

picture of the CD

You may remember that my dad, Charles Johnson, was working on a book that explains the science behind photography, from "quantum mechanics to physiology and art appreciation." He's finished now and while he negotiates with publishers he is making a limited number of copies available on CD, mostly to his photographer friends.

The book is beautifully illustrated with color photographs, diagrams and lots of equations. Yes, I said equations; you'll need to brush up on your physics and calculus to really appreciate the entire work. I really enjoyed the first couple of chapters and the later chapter on appreciation of art in photography, but I have to admit, I haven't read the whole thing.

I'll try again when I have the printed edition ;-)

You can download a detailed table of contents via his blog photophys.com. He'll also be making selected chapters available there to get feedback; the first is How to get really high magnifications.

Preparing for my Shindig talk next month

ApacheCon speaker badge

The day before the layoff axe fell at Sun, I blogged about my upcoming Shindig for Blogs and Wikis talk at ApacheCon EU in March. Since then, I've been working almost non-stop on finding a new gig and have had little time to work on my presentation. That's not good, because I have fairly ambitious plans for this talk. I'll explain.

I want to be able to show how to add social features including OpenSocial support to a blog server and a wiki server by using plain old Shindig and then Project SocialSite. I'm targeting Roller and JSPWiki because they're the blog and wiki source code bases that I know best right now and they're both Apache efforts, but the same techniques should work with other systems like Wordpress or Drupal. If I have time I might be able to demo those too (but I wouldn't count on it).

I'm not sure how far I can go with plain old Shindig because, like most blog and wiki servers, neither Roller nor JSPWiki has detailed profile data, social relationships or activities. I should be able to get Google Gadgets working via Shindig, but OpenSocial Gadgets will take a lot more thought and effort.

I'm much more confident in the Project SocialSite approach. SocialSite provides for storage of detailed profile information, groups, activities and app data as well as the necessary UI. I'm confident enough that I'm going to deploy it on this site. So, stay tuned. I hope to have something to show by the end of next week.

Oh, and by the way. Today is the last day to register for ApacheCon EU with the early-bird discount. So sign-up already!

ApacheCon Europe 2009 (link)

23-27 March 2009 | Mövenpick Hotel, Amsterdam
Pricing (register before Feb 6 for discount)

NCSU FOSS Fair 2009


I just signed up for the NC State University FOSS Fair 2009 on Monday, Feb. 2. I'm pretty excited that there's a GRASS GIS session on the list; that's where I got my start with open source software sometime in the previous century (GRASS was public domain back then, not GPL as it is today).

Triangle Tweetup tomorrow

The first Triangle Tweetup of the year is tomorrow at the stylin' Glenwood South facilities of Edge Office. There's a site now with an interesting speaker line-up and people tweeting about it (and food).

Triangle Tweetup

Count me in!

Update: Reminder the #triangletweetup is a food drive too, bring some nonperishables, info: http://tinyurl.com/6vn3ct via @ginnyskal #givingback

« Previous page | Main | Next page »