Welcome!
Everything is fine.

Plan

  1. Announcements
  2. SAML SSO Demo
  3. Closing Remarks and Big Ideas
  4. Brief Group Meetings
  5. LER & Anonymous Group Survey (20 minutes; I'll leave the room)

Announcements

  • Happy LDOC! 😊
  • Project
    • Beta version due end of exams
    • Please make a video of your beta version.
    • There is an individual "who did what" assignment.
      • need not be long or formal
      • lists of features, tasks, etc, is sufficient
      • I'm looking for consistency and balance
    • More is not always better.
    • Version 1.0 should be sound and functional, but not complete
    • You can leave things for Version 2.0 (which may never get done)
  • My schedule over RP and Exams:
    • I will respond to emails and I'll make OH available
    • Always happy to set up an appointment
  • Grading status
    • Everyone has submitted Alpha. Bravo!
    • I'll prioritize feedback on Alpha version, then Ajax.
    • Please contact me about any assignments you are missing; I don't want to have to chase you down.
    • Nothing can be accepted after 4pm on last day of exams.

SAML / SSO

SAML = Security Assertion Markup Language

Roles

  • Principle (typically a human user)
  • IdP == Identity Provider (here at Wellesley, that's Duo)
  • SP == Service Provider (your app)

Not just anyone can contact the IdP to do authentication.

  • The IdP has to know about the SP in advance.
  • The SP provides some endpoints from which the redirect will come and to which they will redirect after login
  • There's an X509 certificate that the IdP gives us
  • We also have to have HTTPS connections, which entails some additional Flask work

Here's a glimpse of some of the pieces:

I'll do a quick demo in my account.

Limitations:

  • We currently only have one set of URLs approved, so (for now) teams will have to share
  • An easy example with directions is still TBD

There are other implementation details we haven't covered, but I will continue to work on the directions and I'm happy to meet with people (or communicate by email) if you want to do SAML.

SAML is not required, and if you are just interested and want to do it for version 2.0, that's fine.

Closing Remarks for CS 304

This course is entitled Databases with Web Interfaces. We've learned:

  • the SQL language and how to create tables, insert/update/delete data and to query it
  • practical skills in working with the MySQL client
  • joins and the notion of normalizing tables (and reasons sometimes not to), though not much on normalizing
  • referential integrity and keeping our databases sensible, with working foreign keys
  • ER diagrams as a way to describe our data and relationships in a pictoral way
  • the PyMySQL API to the MySQL DBMS
  • Flask as a lightweight Python web framework, which takes care of
    • parsing the incoming requests, including the URL
    • routing requests to handlers
    • rendering templates with static HTML and dynamic data
    • a bunch of other useful things, like cookies, sessions, and redirects
  • HTML forms for collecting data from the user
  • GET/POST as methods for submitting data
  • accessibility in web forms
  • cookies and sessions to build seamless applications
  • storing passwords in an encrypted way using bcrypt
  • file upload in web applications
  • Ajax from the back-end, responding the JSON data
  • REST APIs, responding to a set of HTTP methods (verbs) and patterned URLs:
    • POST /collection/ to create a new item
    • GET /collection/id to get an item
    • PUT /collection/id to replace an item
    • DELETE /collection/id to replace an item

We decided to omit JavaScript, so we didn't learn about some front-end technologies like:

  • JavaScript to run code in the browser
  • The DOM to modify the dynamic page and to handle events
  • jQuery to make it easier to use the DOM
  • Ajax to make asynchronous web requests, receive the response and update the page

Finally, we learned about some related important concepts and techniques:

  • transactions as atomic database operations
  • locks around atomic operations
  • threads as a way to work concurrently
  • node.js and event-loop programming as an alternative to threads
  • mongodb and NoSQL databases as an alternative to MySQL

Some less-important things we learned include

  • Version control with GIT
  • SSH keys
  • SAML/SSO

Big Ideas

We've learned a lot. It's unreasonable to expect you to remember all of that. But there are some big ideas worth remembering:

  • Web applications as a front end and a back end
  • The back end communicating with a DBMS (of some sort) using an API
  • Designing data representations using tables and foreign keys
  • retrieving data, rendering templates and sending it to the browser

This is essentially the picture that we began the course with:

Complete web round trip

Group Work Form

I'll send the group work form around.