Finally! I’ve got what I hope to be a decent prototype for a Drupal Information Card module.    I’ve made huge changes to the user interface on this one, and as a result, I hope to have streamlined the process for framework owners.   What I haven’t yet got, is a lot of eyeballs from a lot of people on different platforms, in different situations, and with different frames  of mind.  If you have 5 extra minutes, please check out my example site.   There is a poll there to let you give extra-fast feedback, and there is a feedback form if you want to address a specific finding.

Here’s a quick summary of the new features:

User Card Management

• Once authenticated, users can add and remove cards from their accounts, as well as seeing when the card was associated and when it was last used.

Lost Card Recovery

• Users can now use an email-based recovery process to attach a card to an account that they’ve lost credentials to.  This is incredibly important in a case where all passwords have been turned off for the site.

Purple “i” means Selector launch

• Everywhere you see a purple “i”, you should see a selector launch immediately – no more intermediate pages.
• (Note there is a purple “i” in the card mgmt console, that card will eventually launch the selector to verify the Friendly Identifier)

Minimum clicks

• The goal is to get the job done in the smallest number of clicks.   There is probably even more to be done here, but we’ve made progress.

Developer Improvements

• Code is now documented with a standardized, doxygen-compatible format
• Much more consistency in approach
• Lots more to do ;)

WordPress users:  I’m upgrading that plugin right now to use the same flows — so if you don’t like them, speak now!

You wouldn’t guess it from the announcement, but WordPress 2.6 completely changes the cookies set when a user authenticates, and in the process breaks quite a few WordPress Authentication Plugins, including Pamelaware for WordPress.

I am fiddling with the fix now, but haven’t quite perfected the process;  I can set the new cookies, using the new cookie setting function, but somehow the cookies I set with the cookie setting function don’t look exactly the same as the cookies WordPress sets when it executes the same function.

There have been a few non-plugin-related panics around the cookies as well – some admins are unable to get to their consoles.  Fixes range from clearing your browser cache and deleting cookies to adding an extra define statement in your wp-config.php file.

If you have already upgraded to WordPress 2.6, you’ll need to disable the Pamelaware for WordPress plugin until I can get this fix out — I hope this will be today.  If you haven’t upgraded to WordPress 2.6, you may want to hold off, or at least to make sure you have time to deal with possible authentication issues like the ones that are cropping up in the forums.

The good news is that I now know that if you develop WordPress authentication plugins, you need to be subscribed to this guy’s blog if you don’t want to be caught by surprise with changes to authentication mechanisms in WordPress.

Update:  I have a working fix now — you can get it from the 0.9 release branch subversion tree, if you want to play.  I have not yet updated the tarball to reflect this change, as I haven’t tested it enough to be sure it won’t break under obscure circumstances.  Contact me if you want more detail prior to a tested release.

Last weekend while I was out at my cabin, Ryan Janssen was trying to install PamelaWare for WordPress. Generally I wouldn’t be too concerned, as my project members and I have worked hard to make the install relatively easy.

I try to make myself available as tech support if I know anyone is trying to get the plugin to work, because I want to make sure everyone has a good experience — but in doing so, it turns out that I was masking a critical flaw in both the documentation and the administrative user interface.

For more details, you should read Ryan’s entry, I recommend it – the entry very clearly describes his frustration around not knowing what format of private key, passphrase, and domain name the plugin was expecting, and his eventual success by brute-forcing all of the possible combinations.

Obviously, this isn’t exactly the review I was expecting :) But luckily, I have just finished Henry Petroski’s book “To Engineer is Human; The Role of Failure in Successful Design” (recommended during Brian Cheess & Gunnar Peterson’s AWESOME RSA talk). As such, I have to note that I did not design to obviate failure in this case — but that the failure Ryan experienced can now be learned from and used as a cautionary tale for the future.

As a result of Ryan’s sacrifice of time and his willingness to describe his pain, I’ve updated my documentation to include an SSL Primer and an SSL Certificate FileType Guide, as well as screenshots of what a typical filled-in interface might include. I’ve also added a page explaining how to tell if your environment is set up for PHP version 5 and mcrypt (prerequisites for PamelaWare). I have not yet improved the user interface, but I will. I also think there is more to do, to explain what happens next once you’ve installed and configured the plugin. The great thing is, I’m now focused. And I can always go back to Ryan’s blog if I need to capture that feeling of “WTF do I do now?” :) Many thanks to Ryan for not just walking away, and for writing it all down.

For your holiday hacking fun, I’ve got a new version of PamelaWare for WordPress ready!

Version 0.9 is a big improvement over previous stable releases, but still only allows a single card to be associated with a given account. While you’re messing with this version, I’m hoping to add the ability to associate multiple cards with a given account, as well as the ability to add and remove cards while in an authenticated state.

I have tested this version extensively — but I’m sure I’ve missed things — any of you who might wish to play could go to my test blog: http://pamelaproject.com/pamtest if you want to play with a vanilla install, and to the pwwp main blog: http://pamelaproject.com/pwwp if you want to test a blog upgraded from the original beta.

If you want to see what’s up with the Pamela Project, you should check out our development site: http://code.pamelaproject.com.

I’d like to see a few people (like, oh, say, Kim) give this version the thumbs up before I holler about it too loudly. But I’m really glad it is out. You can get tarballs or go directly to subversion from our development site.

Have fun, drop me a line if you see any problems. I’m away snowmobiling until January 2nd, so until then, enjoy yourself, and Happy New Year!

WordPress has put out a new upgrade for both the 2.0.x and 2.1.x versions – in case all you beta testers were wondering, the new version is compatible with PW-wp operation.

There is, however, a one-line code difference between the version 2.1.2 wp-login.php file and the version 2.1.3 wp-login.php file, so you will have to re-insert the pamelaware redirect into the login file according to the instructions in the Information Card Options page once the upgrade is complete. I have not tested the 2.0.10 wordpress branch, as I don’t know anyone who is using the 2.0 version — if you are, and you want me to test PW-wp in cases like these, just let me know.