> A private, ham only OpenID server? that should provide authentication
> as well as authorization for assorted servers. Make it stand alone &
> not tied to any particular service like amprnet or echolink or LOTW.
> make it freely accessible to anyone who wants to authenticate a ham
> anywhere.
Yes, that is the basic idea, but it should not be limited to website usage
and it should be possible to retrieve attributes such as "is this a verified
licensed hamradio operator". The user list could contain outsiders,
unverified hams and verified hams, and the facilities available to them could
be different. E.g. a user who is not a verified ham would not be able to use an
Echolink-like service, but they could read and contribute to a mailinglist.
The service should offer some different APIs, e.g. RADIUS for user/password
authentication and maybe something like OpenID for website logon.
When a user has a valid account, he should be able to obtain client certificates
for use in services where that is appropriate.
The PKI design has to be careful, with some attention to detail a lot of
mishaps can be avoided. This requires expertise in the matter.
Rob
Hi Chris,
I just tried your 44.131.151.2 NNTP server from my 44.135.92.10 machine
and was refused.
Ron
VE3CGR
> We've been running a news server (inn) for years. I've already put reader access in for ampr.org hosts to provide the same service that Brian provided on the machine that has died and is being decommissioned, it's on 44.131.151.2 or on the public Internet as nntp.comgw.net
> It wouldn't be difficult to setup some local groups just for amprnet use, it would also be fairly trivial to pipe this mailing list into a local group if that is of interest to anyone?
> Chris
> A private, ham only OpenID server?
This is similar to an idea I had several years back (2012 according to the
registration for my unused domain hamauth.com), but I couldn't find anyone
else at the time who was interested in it. As a result, it never won any
battles for my limited availability of time to work on it. :(
The basic idea was to define various assurance levels that people could
meet using various methods. Then, allow amateur radio websites and
services to define what level of assurance they need and allow them the
option to easily authenticate their users using a hosted service (using
things like OpenID or OAuth).
Those levels could be something like:
- Identity, call sign, operating privileges, and mailing address all
verified
- Call sign, operating privileges, and mailing address verified (LotW
gets us here)
- Call sign and operating privileges verified (We can verify their
license is valid, but only assume they're the legitimate holder of it until
it's challenged, somewhat like how qrz.com does it)
- Call sign claimed (not all countries have license info online for
verifying privileges)
- Non-amateur (not yet licensed)
For example, if a user can prove to us they have control over a valid LotW
certificate, they would get one of the highest levels of assurance because
we know the ARRL has already confirmed the validity of their license and
that they can receive mail at the license address. The user would then be
able to login with their call sign on just about any site that chooses to
use our service for authentication. However, some sites may not choose to
trust our third party service directly, so we could also be a resource on
how they could setup their own authentication and verification schemes.
While it might be a pain to get a LotW certificate, they are the only
organization I'm aware of that offers to authenticate amateurs from any
country. It's essentially a service they created to be globally trusted in
order to protect the integrity of their contests. In the past they've also
expressed a willingness to allow their service to be used for other general
amateur authentication purposes, so I don't think we need to worry about
them objecting to anything like this.
Also, there's no reason why the ARRL has to be the only source of that
trust. For example, if you have a valid client certificate loaded in your
browser with your call sign in the right place, we'll accept it on the
HamWAN portal ( https://encrypted.hamwan.org/ ) whether it's signed by
ARRL, or of it's signed by HamWAN's own certificate authority.
If there are other organizations in other countries that can authenticate
licenses in an easier fashion, we can definitely include them in the
process. They way other amateur services would just need to check a box
that says they trust that entity to validate users from that country.
I'm exceeded to see several others interested in this, but since it's
off-topic for this reflector, please join me in the new hamauth group. ;)
Click:
https://groups.io/g/hamauth
or
Email:
hamauth+subscribe(a)groups.io
Cory
NQ1E
Hello, I posted here a while back but have not made much progress.
I am a new Ham operator interested in packet and digital modes. I have
a small home setup with a terminal node controller attached to a vt100
terminal, I have been using it to reach the only other 2 packet
stations i was able to find in my area.
I have an interest in tcp/ip and wanted to try and connect to the 44
network if possible. I have had trouble finding information and
getting started.
I have a big interest in using some big older ibm gear. I have found
many programs that should get the job done, of interest is ka9q net
nos.
I have the hardware, the tnc, the computer, I am just uncertain of how
to go about using the software. Im having a real hard time finding any
local help on the subject. Ive tried no less than 3 of the local
clubs, none seem to have any members that even know much about packet
or tcp/ip over radio.
Ive asked around on a couple of the local repeaters as well, asked
some questions at the end of the weekly nets, only to find that there
does not to be anyone around with much knowledge on the subject.
I want to get started with this, i look to have all the hardware
needed to get it working but need advice on how to proceed. Any help
is much appreciated.
> Why not use LOTW for authentication?
> It's been done before and if you are LOTW verified it means that you are a radio amateur
It has also been done before (ab)using Echolink for authentication.
However they do not seem to like that, and probably rightly so.
(it puts the burden of license validation on them)
The same is probably true for LOTW when it would be heavily used outside its scope.
Some services require some form of client certificate, others (like NNTP) are better
off with a username/password. Both have to be catered for.
A good project on AMPRNet would be to setup a user authentication system that can be
used for our services without running the risk that some (ab)used party suddenly
draws back the support, or delays validation of new applicants (if only due to lack
of volunteers to do the validation).
Rob
I don't use the e-mail client to "reply". I have set the list to digest mode, the daily digests
I move to a separate folder that effectively is a trashcan, and I read the topics via the mailman
archive site where I cut and paste parts into a new mail message every time.
So no threads from me.
I don't like mailing lists. At ALL. Precisely because thread management is so difficult,
uninteresting threads cannot be killed, and traffic comes in between normal mail.
I would propose setting up a small USENET server with one or a couple of groups and then
use a newsreader to read and reply to the threads.
But that is apparently considered old-fashioned as well by some, and newer methods
are considered unacceptable.
So, no change. Live with it. Make a processing rule in your mailclient that dumps the 44net
mail in a separate folder, so your Inbox is left clean.
Rob
> >/The problem is that many readers get the "Digest" version of this list, /> >/which means that they don't have any easy way to respond to a post from /> >/a digest, without breaking the threading info that needs to be included /> >/in the reply's headers. /
> This is rather easy, and incumbent on the digest users.
> 1. In your list preferences, "Get MIME or Plain Text Digests?" needs to be set
> to MIME.
> 2. In the digest now you will have a link to click on as a reply.
The problem with that is the digest only arrives once per day, so you will
be replying quite late and the whole discussion becomes very difficult to
track when some people reply right away and others reply after receiving the
digest.
Rob
So if he was not run off from all of the Social media vs email list stuff.
Sherman W4ATL joined the list to answer any Data Radio questions. Sherman
was the chief engineer at DR when I was there. His knowledge is going to
be pre-cal amp take over. So any of the current off the shelf stuff is
going to use proprietary information that I doubt Cal-Amp will publish.
Even the older stuff uses proprietary code mmunitariona protocals, but the
ability to hack these is likely as they are just Z80 processors. So
Sherman if your still here and are willing to answer any questions go for
it....
Lin N4YCI
Applying for a LOTW cert is a rather painful and intrusive process outside of the USA.
Josh
-------- Original message --------
From: Ruben ON3RVH <on3rvh(a)on3rvh.be>
Date: 15/09/2017 20:01 (GMT+10:00)
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] USENET news on AMPRNet
Why not use LOTW for authentication?
It's been done before and if you are LOTW verified it means that you are a radio amateur
73,
Ruben - ON3RVH
-----Original Message-----
From: 44Net [mailto:44net-bounces+on3rvh=on3rvh.be@hamradio.ucsd.edu] On Behalf Of Rob Janssen
Sent: vrijdag 15 september 2017 11:43
To: 44net(a)hamradio.ucsd.edu
Subject: Re: [44net] USENET news on AMPRNet
> Don't solve a problem that doesn't exist.
> Usenet access is readily and economically available. There are enough
> providers that there are sites that review which is best.
> Google for 'usenet providers' and see for yourself.
The idea of course (at least I think) wasn't to provide generic usenet access on AMPRNet. Instead, it would be used for closed access discussion like this mailing list. Only a couple of hamradio related groups.
Of course this immediately shows the practical problem: the authentication of valid users. You would need to maintain a table of users similar to what the mailing list now has, and when you want a couple of news servers around the world, you would want this access information to be somehow synchronized between them.
Additionally, you may want some groups accessible to "any radio amateur".
But then you run into the problem that has been encountered so often: how to authenticate a radio amateur without maintaining yet another user list where new applicants have to be validated by people who would prefer to do more valued work.
Rob
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
