What is JWT?

This post explains what JWT is, without getting into technical details you don’t need to know. The intention of the post is to dispel some harmful misconceptions.

What JWT Looks Like

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
If you look carefully, it’s basically three pieces of gibberish text separated by periods. The roles the parts play are:
Header.Payload.Signature
They look like gibberish because they are encoded. The important part is the payload. The rest is there to describe (header) and protect (signature) the payload.

What Each Part Does

Header primarily describes (using JSON) how the Payload was signed so the Signature can be verified.
{
 "alg": "HS256",
 "typ": "JWT"
}
Payload is a collection of name-value pairs presented as JSON like this:
{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true
}
Signature protects both the Header and the Payload so that neither can be changed without detection.
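Added example, not code from the original post: Python that decodes the token shown above without any key (the parts are encoded, not encrypted), then signs and verifies an HS256 token to show the signature catching a changed payload. DEMO_KEY and all function names are assumptions made for this illustration.

```python
import base64, hashlib, hmac, json

# Token copied from the post above.
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
              "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ")
DEMO_KEY = b"constructed-demo-key"  # assumption: constructed here, not from the post

def b64url_decode(part):
    # JWT uses base64url with the "=" padding stripped; restore it first.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def encode_json(obj):
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

def read_unverified(token):
    """Decode header and payload. No key is needed, so nothing here is secret."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def sign_hs256(header, payload, key):
    signing_input = encode_json(header) + "." + encode_json(payload)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token, key):
    """Return the payload if the signature is valid, otherwise raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected Header.Payload.Signature")
    # The verifier decides which algorithm it accepts; the header only describes.
    if json.loads(b64url_decode(parts[0])).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # The MAC covers header AND payload, exactly as they appear in the token.
    signed = (parts[0] + "." + parts[1]).encode("ascii")
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature does not match header and payload")
    return json.loads(b64url_decode(parts[1]))

def with_edited_payload(token, **changes):
    """Rewrite payload fields but keep the old signature (for the tamper check)."""
    header_b64, payload_b64, signature = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload.update(changes)
    return ".".join([header_b64, encode_json(payload), signature])

if __name__ == "__main__":
    print(read_unverified(PAGE_TOKEN))
```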

Key Points About JWT

OpenID Connect Logout Implementer’s Drafts Approved

As announced by the OpenID Foundation, the OpenID membership has approved Implementer’s Drafts of the three OpenID Connect logout specifications. That means that developers and deployers can now count on the intellectual property protections that come with being Implementer’s Drafts. These are the first Implementer’s Drafts of these specifications:
  • Front-Channel Logout – Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
  • Back-Channel Logout – Defines a logout mechanism that uses back-channel communication between the OP and RPs being logged out
Whereas, this is the fourth Implementer’s Draft of this specification:
  • Session Management – Defines how to manage OpenID Connect sessions, including postMessage-based logout functionality
Each of these protocols communicates logout requests from OpenID Providers to Relying Parties, but using different mechanisms that are appropriate for different use cases. See the Introduction sections of each of the specifications for descriptions of the mechanisms used and Continue reading "OpenID Connect Logout Implementer’s Drafts Approved"

Have we passed peak phone?

I should start by admitting I shot this picture with my phone. Also that I was on my rectangle with the rest of these people through most of this very typical subway trip yesterday. I don’t know what they were doing, though it’s not hard to guess. In my case it was spinning through emails, texting, tweeting, checking various other apps (weather, navigation, calendar) and listening to podcasts. We shape our tools and then they shape us. That’s what Marshall McLuhan’s main point was. And then we shape society, policy and the rest of civilization. People won’t stop staring at their phones, so a Dutch town put traffic lights on the ground, Quartz reports. In less than two years, most of the phones used by people in this shot will be traded in, discarded or re-purposed as iPods or whatever. And most of us will be tethered to Apple, Google and
Continue reading "Have we passed peak phone?"

Old Blog Posts Restored

As the Monthly Archive links in the left sidebar show, I uploaded old blog posts last night. Restoration wasn’t perfect of course.
  • Posts from between late 2005 and 2007 are missing. If they are not among backups, I’m going to extract them from Internet Archive.
  • Comments weren’t uploaded. Still on my todo list.
  • Permalinks weren’t restored so links coming in will 404 until they’re fixed.
  • Dead links, missing stories and downloads.
  • Category extractor had a separator bug, creating nutty categories like general;technical.
Hope to address them all eventually.
Filed under: General

Oh frabjous day

  Today may turn out to be a very important day in the world of Test cricket. Regular readers will know that I am no fan of the Decision Review System (DRS). While I’m all for sensible use of technology in sport, I cannot abide the way “Umpire’s Call” is designed to work. It’s an … Continue reading "Oh frabjous day"

The New Pico Engine Is Ready for Use

Summary: The new pico engine is nearly feature complete and being used in a wide variety of settings. I'm declaring it ready for use.
A little over a year ago, I announced that I was <a href="http://www.windley.com/archives/2016/03/rebuilding_krl.shtml">starting a project to rebuild the pico engine</a>. My goal was to improve performance, make it easier to install, and support small deployments while retaining the best features of picos, specifically being Internet first.



Over the past year we've met that goal and I'm quite excited about where we're at. Matthew Wright and Bruce Conrad have reimplemented the pico engine in NodeJS. The new engine is easy to install and quite a bit faster than the old engine. We've already got most of the important features of picos. My students have redone large portions of our supporting code to run on the new engine. As a result, the new engine is sufficiently advanced that I'm declaring it ready for use.



We've updated the <a href="https://picolabs.atlassian.net/wiki/spaces/docs/pages/19791878/Pico+Engine+Quickstart" >Quickstart</a> and <a href="https://picolabs.atlassian.net/wiki/spaces/docs/pages/1185969/Pico+Programming+Lessons">Pico Programming Lessons</a> to use the new engine. I'm also adding new lessons to help programmers understand the most important features of Picos and KRL.



My Large-Scale Distributed Systems class (CS462) is using the new pico engine for their reactive programming assignments this semester. I've got 40 students going through the pico programming lessons as well as reactive programming labs from the course. The new engine is holding up well. I'm planning to expand its use in the course this spring.



Adam Burdett has redone the <a href="http://www.windley.com/archives/2016/07/pico_labs_at_open_west.shtml" >closet demo we showed at OpenWest</a> last summer using the new engine running on a Raspberry Pi. One of the things I didn't like about using the classic pico engine in this scenario was that it made the solution overly reliant on a cloud-based system (the pico engine) and consequently was not robust under network partitioning. If the goal is to keep my machines cool, I don't want them overheating because my network was down. Now the closet controller can run locally with minimal reliance on the wider Internet.



Bruce was able to use the new engine on a <a href="http://www.windley.com/archives/2017/01/using_picos_for_byus_priority_registration.shtml">proof of concept for BYU's priority registration</a>. This was a demonstration of the ability for the engine to scale and handle thousands of picos. The engine running on a laptop was able to handle 44,504 add/drop events in over 8000 separate picos in 35 minutes and 19 seconds. The throughput was 21 registration events per second or 47.6 milliseconds per request.



We've had several lunch and learn sessions with developers inside and outside BYU to introduce the new engine and get feedback. I'm quite pleased with the reception and interactions we've had. I'm looking to expand those now that the lessons are completed and we have had several dozen people work them. If you're interested in attending one, let me know. 

Up Next

I've hired two new students, Joshua Olson and Connor Grimm, to join Adam Burdett and Nick Angell in my lab. We're planning to spend the summer getting Manifold, our pico-based Internet of Things platform, running on the new engine. This will provide a good opportunity to improve the new pico engine and give us a good IoT system for future experiments, supporting our idea around <a href="http://www.windley.com/archives/2015/07/social_things_trustworthy_spaces_and_the_internet_of_things.shtml" >social things</a>.



I'm also contemplating a course on reactive programming with picos on Udemy or something like it. This would be much more focused on practical aspects of reactive programming than my BYU distributed system class. <a href="http://www.windley.com/archives/2015/11/reactive_programming_with_picos.shtml" >Picos are a great way to do reactive programming</a> because they implement an actor model. That's one reason they work so well for the Internet of Things.

Going Further

If you'd like to explore the pico engine and reactive programming with picos, you can start <a href="https://picolabs.atlassian.net/wiki/spaces/docs/pages/19791878/Pico+Engine+Quickstart"> with the Quickstart</a> and move on to the <a href="https://picolabs.atlassian.net/wiki/spaces/docs/pages/1185969/Pico+Programming+Lessons" >pico programming lessons</a>.



We'd also love help with the open source implementation of the pico engine. The <a href="https://github.com/Picolab/node-pico-engine">code is on Github</a> and there's a well-maintained set of <a href="https://github.com/Picolab/pico-engine/issues">issues that need to be worked</a>. Bruce is the coordinator of these efforts.



Any questions on picos or using them can be directed to the <a href="http://forum.picolabs.io/">Pico Labs forum</a> and there's a pretty good set of <a href="https://picolabs.atlassian.net/">documentation</a>.

Photo Credit: The mountains, the lake and the cloud from CameliaTWU (CC BY-NC-ND 2.0)