Schema inheritance or 'anonymous' schemas? ... where URI not yet known

#1

Tobias,

I’d like to see you improve the documentation for Crossbar:

http://crossbar.io/docs/WAMP-CRA-Authentication/

Since you are in the process of defining how Schemas might work, what if you actually start by defining your own schemas for practice? Perhaps by going through the process, you’ll see what works and what doesn’t.

Here’s something to consider … anonymous schemas. Note that Crossbar allows you to define your own authentication function. Well, that procedure URI will be custom defined by developers. However, the developer needs to make sure the procedure they build will adhere to your pre-defined, but as yet unnamed, schema! Possibly you could give names to the schema from the wamp namespace like this:

wamp.schema.authenticate

wamp.schema.authorize

Then, when a user defines their schema, they can declare that they COPY or IMPLEMENT the other schema:

{
    "$schema" : "http://wamp.ws/schema#",
    "uri" : "com.example.authenticate",
    "implements" : "wamp.schema.authenticate"
}

Regardless, I’d like to see what that schema looks like. Maybe you can post schemas for the dynamic authenticate and dynamic authorize procedures?

Rather than giving an example online like this in python …

def authenticate(realm, authid, details):
    # return credentials (secret + role) for user 'authid'
    return {'secret': 'mypassword', 'role': 'sales'}

You could show me the schema I would need to implement as a developer … something along the lines of …

{
    "$schema" : "http://crossbar.io/schema#",
    "uri" : "wamp.schema.authenticate",
    "type" : "procedure",
    "title" : "Dynamic Authenticator procedure for Crossbar.io node.",
    "description" : "Called by Crossbar.io during authentication of (other) users.",
    "args" : [
        {
            "type" : "string",
            "name" : "realm",
            "description" : "The realm the client wishes to join",
            "required" : true
        },
        {
            "type" : "string",
            "name" : "authid",
            "description" : "The authentication ID the client announced (e.g. username).",
            "required" : true
        },
        {
            "type" : "object",
            "name" : "details",
            "description" : "Additional information on the WAMP client that wishes to authenticate (such as transport level data, e.g. IP address or HTTP headers)",
            "properties" : {
                "session" : {},
                "realm" : {}
            },
            "required" : true
        }
    ],
    "result" : [
        {
            "type" : "object",
            "properties" : {
                "secret" : {
                    "type" : "string",
                    "description" : "The secret shared with the client (possibly after salting)",
                    "required" : true
                },
                "role" : {
                    "type" : "string",
                    "description" : "The authrole to assign the client to if successfully authenticated",
                    "required" : true
                },
                "salt" : {
                    "description" : "If secret was salted, the salt used (with pbkdf2)",
                    "required" : false
                },
                "iterations" : {
                    "description" : "If secret was salted, the iterations during salting (a parameter of the pbkdf2 algorithm used).",
                    "required" : false
                },
                "keylen" : {
                    "description" : "If secret was salted, the keylen of the derived key (a parameter of the pbkdf2 algorithm used).",
                    "required" : false
                }
            }
        }
    ],
    "errors" : [
        "wamp.schema.error.authentication"
    ]
}

– Dante

0 Likes
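
Added example, not part of the original post and not Crossbar.io's own code: a check of a dynamic authenticator's return value against the result fields proposed above, next to an authenticator that returns a PBKDF2-derived secret instead of the plaintext password. The types of salt/iterations/keylen, the all-or-none rule for them, PBKDF2-HMAC-SHA256 with base64 output, and the sample user and parameter values are assumptions.

```python
import base64
import hashlib

# Result fields proposed in the post: name -> (type, required).
# Types for salt/iterations/keylen are assumptions; the post gives none.
RESULT_FIELDS = {
    "secret": (str, True),
    "role": (str, True),
    "salt": (str, False),
    "iterations": (int, False),
    "keylen": (int, False),
}
SALT_FIELDS = ("salt", "iterations", "keylen")


def check_result(result):
    """Return the list of ways `result` violates the proposed result schema."""
    if not isinstance(result, dict):
        return ["result must be an object"]
    problems = []
    for name, (typ, required) in RESULT_FIELDS.items():
        if name not in result:
            if required:
                problems.append(f"missing required field '{name}'")
        elif isinstance(result[name], bool) or not isinstance(result[name], typ):
            problems.append(f"field '{name}' must be {typ.__name__}")
    # Assumption: the three PBKDF2 parameters only make sense as a set.
    present = [f for f in SALT_FIELDS if f in result]
    if present and len(present) != len(SALT_FIELDS):
        problems.append("salt, iterations and keylen must be given together")
    return problems


def salted_result(password, role, salt, iterations=100_000, keylen=32):
    """Build a conforming result whose secret is PBKDF2-derived, not plaintext.

    Assumption: PBKDF2-HMAC-SHA256, base64-encoded; the client must derive
    the same key from salt/iterations/keylen before answering the challenge.
    """
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(),
                              iterations, keylen)
    return {"secret": base64.b64encode(key).decode("ascii"), "role": role,
            "salt": salt, "iterations": iterations, "keylen": keylen}


def authenticate(realm, authid, details):
    # Constructed sample user; a real authenticator looks authid up in a store.
    return salted_result("mypassword", "sales", salt="constructed-salt")
```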

#2

I agree with all you say below!

I’d say we should have both abstract schemas and examples in the docs though. Examples are much more approachable for most devs compared to JSON Schema …


Sent from Mobile (Google Nexus 5)

On 20.01.2015 09:43, “Dante Lorenso” da...@lorenso.com wrote:


0 Likes