[sugar] Fwd: (another) WebKit port of Browse

Carol Lerche cafl
Mon Jul 7 19:47:36 EDT 2008


Sorry Bobby and others...I went from an offlist reply to a more general
reply and omitted recipients.

Google Gears is interesting in so far as it is a plug-in that supports
offline use of the school server, and as such is being directly ported. My
point was exactly that it is a plugin.

There are other plugins that are educationally useful.  Scrapbook was my
example.  I think it makes research on the web far more productive and the
resultant work more rigorous.  How do you run such plugins and add-ons from
the current browse activity without a development effort?  If you know,
please provide information and I will experiment and post a wiki page.  If
it is not possible, that's my point.

Martin -- You state that ssl at the network layer is significant.  The
question is when and how much must ssl be used to authenticate with client
certs?  I believe it only needs to be used during initial authentication and
again when properly designed cookies expire.   Since each XO only
authenticates infrequently, SSL cost is not significant. My understanding
from the wiki is that "The school server is a bundle of software that may be
run on a variety of platforms, allowing it to support schools of 20 to 2000
students. OLPC will design and build two varieties of school server, small
and large, supporting 20 and 150 students respectively."  So assuming that
"small" school servers are approximately an XO in power, this means that the
school server would have to be able to handle 20 authentications in a
relatively short time window ("open your laptops, class, and browse to this
morning's lesson").  Say 1 to 2 minutes.  (I'm giving those obedient kids
with XOs the benefit of the doubt here!)  The big server scenario would
require specification.  I am going to go off and get timings for the small
server and report back, but I'm betting it would work fine.

As to the PKI infrastructure, I don't think it is any harder to work this
out than any of the other key management issues already in play.  So put the
Certificate Authority software on the teacher's laptop and keep the CA key
material on a thumb drive, as one example.  We aren't talking about certs
that get an attacker into a financial institution here.

Carol Lerche




On Mon, Jul 7, 2008 at 4:24 PM, Bobby Powers <bobbypowers at gmail.com> wrote:

> On Mon, Jul 7, 2008 at 7:06 PM, Carol Lerche <cafl at msbit.com> wrote:
> > The UI seems pretty important to me, but obviously that's a matter of
> > taste.  Not everyone likes tabbed browsing.  Correct operation of websites
> > that fail with the extant browser.  Direct availability of plugins and
> > addons.  One example:  scrapbook, a superb research tool.  Another example
> > Google Gears (according to a recent mail being ported, presumably because
> > the browser is not standard).  I am not familiar with the Firefox codebase,
> > and perhaps all these things are directly available so long as the Firefox 3
> > engine is there, but if so, there desperately needs to be a detailed body of
> > documentation telling how to access these capabilities.
>
> Carol -
>
> I created a page on the wiki to list these problem sites.  Can you
> please record these sites there?
> http://wiki.laptop.org/go/Browse/ProblemSites
>
> And, to be fair, Gears is not (only) a website, it's a browser plug-in
> that allows you to interact with certain websites offline. (and I do
> think someone is working on porting it as you said).
>
> Bobby
>
> > On Mon, Jul 7, 2008 at 3:56 PM, Bobby Powers <bobbypowers at gmail.com> wrote:
> >>
> >> 2008/7/7 Carol Lerche <cafl at msbit.com>:
> >> > Client certs can be used for authentication with no changes to a Firefox
> >> > browser or an Apache server.  GTK based as well as web based software to
> >> > create certs also already exists.   What sort of patch are you looking for?
> >> > I could certainly provide a page running in an apache server to validate a
> >> > request for and implant a client cert in a Firefox browser.   The issue of
> >> > certificate creation needs a little more discussion, not because it is
> >> > difficult or requires a lot of new software to execute, but because it is
> >> > important to be clear about the requirements.  When you describe the
> >> > overhead, do you mean the overhead of creating the certs?  Examining them
> >> > when someone first logs on?
> >> >
> >> > I raised this alternative because you said that a bespoke browser was a
> >> > requirement to have automatic authentication with the school server.  To me,
> >> > the benefits of running a standard browser are so substantial that this
> >> > trade off should be considered.
> >>
> >> Can you explain these benefits?  Both Gecko and WebKit are standard
> >> browser engines.  I don't see much to be gained from a UI perspective
> >> (which presumably is what you're talking about?) by switching to FF3.
> >> Performance is the only compelling reason I see.
> >>
> >> Bobby
> >>
> >> > On Mon, Jul 7, 2008 at 3:39 PM, Martin Langhoff <martin.langhoff at gmail.com> wrote:
> >> >>
> >> >> On Mon, Jul 7, 2008 at 7:20 PM, Carol Lerche <cafl at msbit.com> wrote:
> >> >> > Why does automatic authentication require a custom browser?  Client
> >> >> > certificates work well for this function in ordinary web applications
> >> >> > (assuming a properly configured server).
> >> >>
> >> >> I haven't delved into this deeply yet, but I suspect that, while I am
> >> >> fond of client certs, they won't work - SSL network and CPU overhead
> >> >> and sidestepping PKI madness for server certs. More on this when I get
> >> >> to implement it.
> >> >>
> >> >> Now, anyone who wants to have a strong say on how I am developing this
> >> >> is free to start implementing it ahead of me, and showing me some
> >> >> fantastic patches :-)
> >> >>
> >> >> cheers,
> >> >>
> >> >>
> >> >>
> >> >> m
> >> >> --
> >> >>  martin.langhoff at gmail.com
> >> >>  martin at laptop.org -- School Server Architect
> >> >>  - ask interesting questions
> >> >>  - don't get distracted with shiny stuff - working code first
> >> >>  - http://wiki.laptop.org/go/User:Martinlanghoff
> >> >
> >> >
> >> >
> >> > --
> >> > Frisbeetarianism is the belief that when you die, your soul goes up on
> >> > the
> >> > roof and gets stuck -- George Carlin
> >> > _______________________________________________
> >> > Devel mailing list
> >> > Devel at lists.laptop.org
> >> > http://lists.laptop.org/listinfo/devel
> >> >
> >> >
> >
> >
> >
> > --
> > Frisbeetarianism is the belief that when you die, your soul goes up on
> the
> > roof and gets stuck -- George Carlin
>



-- 
Frisbeetarianism is the belief that when you die, your soul goes up on the
roof and gets stuck -- George Carlin
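
The message above argues that the client-cert handshake is needed only at initial authentication and again when a properly designed cookie expires. The sketch below is an added example, not part of the original thread or of any OLPC code: after the certificate has been verified once, the server issues an HMAC-signed, expiring cookie that later requests present instead. The key, the lifetime, the function names and the certificate subject are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumptions for this example: a server-side secret and a one-school-day lifetime.
SERVER_KEY = b"constructed-demo-key-replace-with-random-bytes"
COOKIE_LIFETIME = 8 * 3600  # seconds


def _tag(payload, key):
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_cookie(cert_subject, now=None, key=SERVER_KEY):
    """Call once, after the TLS layer has verified the client certificate."""
    now = int(time.time()) if now is None else int(now)
    payload = f"{cert_subject}|{now + COOKIE_LIFETIME}".encode()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(_tag(payload, key)).decode())


def verify_cookie(cookie, now=None, key=SERVER_KEY):
    """Return the certificate subject, or None if the client must redo cert auth."""
    now = int(time.time()) if now is None else int(now)
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or bad base64
        return None
    # Check integrity before parsing; compare_digest avoids a timing side channel.
    if not hmac.compare_digest(tag, _tag(payload, key)):
        return None
    subject, _, expires = payload.decode().rpartition("|")
    if now >= int(expires):
        return None  # expired: fall back to the certificate handshake
    return subject
```

Only requests for which `verify_cookie` returns `None` need to be sent back through the certificate-protected login path.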


