<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Benoit,<div><br></div><div>Thanks for this info. We actually use the URL redirect on some hotspots, but it is not functional enough nor does it do what I was speaking about in my previous emails.</div><div><br></div><div>Right now, with URL redirect, a user is no longer authorized. We don't care _that_ much about a user identifying themselves, however we do care _a lot_ about a user agreeing to Terms of Service. In the current system, once a user is redirected to an external URL, they have free access to the internet. This is a non-starter for a number of our hotspots.</div><div><br></div><div>What we need is an authorization scheme, whereby a user is directed to an external URL, and that user can only access that URL or that site. Only once a user has logged into the external system (which means they have agreed to TOS) should they be authorized to access the internet in general.</div><div><br></div><div>This can be handled via a callback function, using a public/private signed key with a token passed in by the URL redirect. Such a system (I believe) provides authorization functionality, as well as being secure against either a 3rd party attack or a hand-crafted URL (since the callback must be signed by a private key kept only on the CMS).</div><div><br></div><div>The custom portal issue isn't as big a deal as some may think. Location awareness can be provided to an external CMS by a few different means, including a lat/long URL parameter or an external Auth server API that enables a CMS to query the Auth server for the "location" of a user (based on external IP address and/or user key). Its possible (though not preferable) to even interject HTTP headers or URL parameters into a stream via the router (though this obviously won't work for SSL sites).</div><div><br></div><div>Regardless of how we chose to solve the Location awareness issue, as long as there is a simple authorization mechanism, plugins for various popular CMSes (including Drupal, WordPress, etc.) are easy to build, and some folks already have most of the components through various other Wi-Fi captive portal systems. Even building something from scratch (which NYCwireless might be willing to do) should be easy if you have some development skills and the proper documentation.</div><div><div apple-content-edited="true"> <span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Lucida Grande'; font-size: 10px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div><br class="Apple-interchange-newline"><br>Dana Spiegel<br>Executive Director, NYCwireless<br><a href="mailto:dana@nycwireless.net">dana@nycwireless.net</a><br>+1 917 402 0422<br><br></div><div>-------------------</div><div>NYCwireless is a non-profit organization that advocates for, and enables the growth of free, public wireless networks<br></div><div>-------------------</div></span> </div><br><div><div>On Apr 6, 2009, at 4:50 PM, Benoit Grégoire wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Lucida Grande'; font-size: 10px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="font-family: 'DejaVu Sans'; font-size: 9pt; font-weight: 400; font-style: normal; ">> There is an important related question: do you consider the current<br>> wifidog and portal to be tied together and form a single product, or do<br>> you consider them to be separate things and encourage development of<br>> other portals using the wifidog server?<br><div style="white-space: pre-wrap; margin-top: 0px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; text-indent: 0px; "><br></div>That's a bit of a false dichotomy. The wifidog auth server can send users to a custom URL (drupal or otherwise) NOW.<br><div style="white-space: pre-wrap; margin-top: 0px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; text-indent: 0px; "><br></div>It has all the infrastructure in place to sent location ans user specific variables already in place (as used in the SmartyTemplate) content type, it would be trivial to extend the node redirection code tu use it to allow crafting URLs automatically, should someone have a CMS that can utilise such data.<span class="Apple-converted-space"> </span><br><div style="white-space: pre-wrap; margin-top: 0px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; text-indent: 0px; "><br></div>The wifidog auth server's Content manager was designed to manage highly localized, highly granular content elements in complex display scenarios. Few groups actually decided to go in that direction.<br><div style="white-space: pre-wrap; margin-top: 0px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; text-indent: 0px; "><br></div>It's pretty obvious that many groups see their portals as either one website per hostpot (supported now by custom portal URLs, and easy to improve upon) or as a single website with the occasional location-specific content element (for which the current Content Manager is overdesigned, but there is no easy 'in between" solution that doesn't involve everyone coding a custom portal.<span class="Apple-converted-space"> </span><br>--<span class="Apple-converted-space"> </span><br>Benoit Grégoire<div style="white-space: pre-wrap; "><br class="webkit-block-placeholder"></div>_______________________________________________<br>WiFiDog mailing list<br><a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a><br><a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a></div></span></blockquote></div><br></div></body></html>