We continue our discussion on Conjugate Gradient method. We review the non-linear conjugate gradient method. CG can be used not only to find the minimum point of a quadratic form but to  minimize any continuous function where the gradient can be computed. CG for the non-linear forms have the following challenges:
1) the recursive formula for residual cannot be calculated.
2) the step size alpha is difficult to calculate although we still use a linear expression using alpha to compute the next step but a function of it and we try to minimize  it.
3) and the Gram-Schmidt constants have many choices
We set the residual to be the negative of the gradient. The search directions are computed by the Gram-Schmidt conjugation of the residuals as with linear CG.
To overcome 1 we set the residual to be the negative of the gradient.
To overcome 2 we minimize the function
To overcome 3 we use one of two different techniques to choose the constants

Int GetDistinctMax (int [] A)

{

if (A == null) return 0;

return A.DistinctMax ();

}

In today's post we continue our discussion on Conjugate Gradients method. We looked at the effectiveness of a preconditioner in solving the linear matrix equation. CG can also be used to solve equations where the matrix A in the linear equation is not symmetric, not positive-definite, and even not square. In such a case we minimize the sum of squares of the errors because there may not be a solution. To find this minimum, we set the derivative of the linear expression to zero. We do this by applying A-transpose on both sides of the linear equation . When the matrix A is not a square, there are possibly more linearly independent equations than variables which may not have a solution.  This is called an over-constrained equation. But it is always possible to find a value of x that minimizes sum of squares. A-transpose A is symmetric and positive. In such cases, Steepest Descent and CG can be used to solve the linear equation. The only nuisance is that the condition number of A-transpose A is the square of A and the convergence is much slower. Also, the linear equation may be underconstrained when there are less equations than variables, then using the transpose doesn't help and CG cannot be applied.  That said, when we use this technique, we apply the A-transpose A, we never form it explicitly because it is less sparse than A. Instead it is formed by finding the product Ad, and then the transpose is applied to the product.
#codingexercise
Int GetDistinct (int [] A)
{
if (A == null) return 0;
return A.Distinct ();
}

Sample python flask server to issue tokens based on OTT mentioned in earlier post:

# coding: utf-8

from datetime import datetime, timedelta

from flask import Flask

from flask import session, request

from flask import render_template, redirect, jsonify

from flask_sqlalchemy import SQLAlchemy

from werkzeug.security import gen_salt

from flask_oauthlib.provider import OAuth2Provider

from tokenprovider import TokenProvider

from json import dumps

import random

import string

app = Flask(__name__, template_folder='templates')

app.debug = True

app.secret_key = ''.join([random.choice(string.digits +

                   string.ascii_uppercase) for x in range(0, 32)])

app.config.update({

    'SQLALCHEMY_DATABASE_URI': 'mysql://root:thepassword@127.0.0.1/token',

})

db = SQLAlchemy(app)

oauth = OAuth2Provider(app)

class User(db.Model):

    id = db.Column(db.Integer, primary_key=True)

    username = db.Column(db.String(40), unique=True)

    salt = db.Column(db.String(4))

class Token(db.Model):

    id = db.Column(db.Integer, primary_key=True)

    user_id = db.Column(

        db.Integer, db.ForeignKey('user.id')

    )

    user = db.relationship('User')

    # currently only bearer is supported

    token_type = db.Column(db.String(40))

    access_token = db.Column(db.String(6))

@app.route('/', methods=('GET', 'POST'))

def home():

    if request.method == 'POST':

        username = request.args.get('username','')

        user = User.query.filter_by(username=username).first()

        if not user:

            user = User(username=username,

             salt=''.join([random.choice(string.digits + string.ascii_uppercase)

            for x in range(0, 4)]

            ))

            db.session.add(user)

            db.session.commit()

        session['id'] = user.id

        print str(session)

        return redirect('/')

    user = None

    if 'id' in session:

         uid = session['id']

         user= User.query.get(uid)

    return jsonify({'msg': 'welcome,'+ str(user), 'success':'success'}), 200

@ott.tokengetter

def check_token(access_token=None):

    if access_token:

        return Token.query.filter_by(access_token=access_token).first()

    return None

@app.route('/session/', methods=('GET'))

def session():

     sessions = list()

     [sessions.append(i) for i in db.session]

     return jsonify ({'sessions': json.dumps(sessions)}), 200

@ott.tokensetter

def save_token(token, request, *args, **kwargs):

    id = User.query.filter_by(username=request.args.get('username','')).first().id

    toks = Token.query.filter_by(

       user_id = id

    ).all()

    # make sure that every client has only one token connected to a user

    db.session.delete(toks)

    tp = TokenProvider()

    tok = Token(user=request.args.get('username',''),

                token_type='bearer', access_token=tp.set_token())

    tok.save()

    tok.user_id = request.user.id

    db.session.add(tok)

    db.session.commit()

    return tok

if __name__ == '__main__':

    db.create_all()

    app.run(debug=True,port=8787)

In today's post we continue our discussion on how an OTP provider can replace the tokens used by an API for checking authorization. In this case, the we will call it an OTT provider. An OTT provider converts all users/ digests/sessions/cookies  to track users into tokens. A TOTP 6 digit number as usually provided by OTP  providers. These tokens not only replace the credentials but also serve to maintain sessions. With the API only accepting tokens, there is no need to track anything else. In a way there is no repository required fro the API implementations to see if there is a token associated with a user or a client. The token itself has both pieces - 'what you know' and 'what you have' and the API implementation can validate the token the same way as when the caller did after requesting it.
There are only three players:
A token provider that issues and validates token
An API client that requests tokens from the token provider and validates it
An API server that accepts only tokens and validates it from the same token provider.
Tamper proofing the request or encrypting the transport layer is not part of this discussion but considered necessary.
Although the OTT is enclosed with the request and sent over the wire, it is temporary and gives the api what is needed.
OTP is covered in RFC 2289 which states that there are two entities in the operation of the OneTimePassword system. The generator must produce the appropriate one-time password from the user's secret pass phrase,  and from the information provided in the challenge from the server. The server must send a challenge that includes the appropriate generation parameters to the generator, must verify the one time password received, must store the last one time password it received, and must store the corresponding one-time password sequence number. The server must also facilitate the changing of the users' secret passphrase in a secure manner.
Int GetDistinctMean (int [] A)
{

if (A == null) return 0;

return A.GetDistinctMean ();

}

Int GetDistinctMedian (int [] A)

{

if (A == null) return 0;

return A.GetDistinctMedian ();

}
Here's what a token provider server would implement:

Class TokenProvider ()
        Def login(self, request):
                Token = OneTimeToken ()
                 Session.Add (token)
                 Return token
        Def logout (self, request, token):
                token= Token.lookup (request)
                If token:
                           Token.remove (token)
                            Session.remove (token)
        Def refresh_token (token):
                Return Token.refresh (token)
        Def validateToken (token):
                Return OTT.validateToken
OTT defined at https://github.com/ravibeta/pythonexamples/tokenprovider.py      
and https://github.com/ravibeta/PythonExamples/blob/master/tokenserver.py
             

In today's post I continue discussing the method of Conjugate Gradients. We talked about preconditioning which is a technique for improving the condition number of a matrix. We tried to do  this by first approximating A with M.  M is a symmetric positive definite matrix which when inverted and applied to A  helps indirectly solve the linear matrix equation we started with. However applying the inverse of M to A doesn't always result in either  a symmetric or a definite matrix. Hence we brought in transformation where we substitute M with the E.E-Transposed. Such an E can be obtained by say Cholesky Factorization. In this case the substitution helps with making the component symmetric and positive definite. This process of using the CG is called the Transformed Preconditioned Conjugate Gradient Method.  This method has an undesirable characteristic that E must be computed. Instead if we do a few careful variable substitutions, it can eliminate E. If we choose the new residual as E-inverse applied to the original residual and if we choose the new search vector as E-transpose applied to the original search direction, then we can derive what is called the untransformed preconditioned conjugate gradient method.  The derivation works out like this: we start by finding the initial residual based on its definition and a starting position x0. we also set the initial search direction again based on its definition and using the initial residual.  We write down the step length in terms of the above and we write down the next position and the next residual in terms of this step length and their iterative definition. This lets us calculate the factor to use with the iterative defintion for the search vector. The matrix E does not appear in this method.
Since it works for the CG, we can use the same technique to derive a pre-conditioned Steepest Descent Method that does not use E.
Let us take a quick look how.
In the steepest descent method, we use the iterative definition involving the residual and the step-length. We start by finding the intial residual and a starting postion. We write down the step-length in terms of the residual and then we calculate the next position.
The effectiveness of a preconditioner M is determined by the condition number of Minverse A and occassionally by its clustering of eigenvalues. The problem is to find a preconditioner. that approximates A well enough such as to make up for the cost of calculating the  product M-inverse current residual once per iteration. The simplest pre-conditioner is a diagonal matrix. whose diagonal entries are identical to those of A. The process of applying this pre-conditioner, known as diagonal pre-conditioning or Jacobi pre-conditioning, is equivalent to scaling the quadratic form along the coordinate axes.
Another trivial pre-conditioner is to take a matrix M as A which gives us the quadratic form to be perfectly spherical. and so the solution takes only one iteration. The catch is that we aren't solving the linear equation we begin with so this isn't helpful.
There are many other pre-conditioners that have been studied. Some have been much more sophisticated.

#codingexercise
int GetCountOfLinesInSourceCode(string text)
{
         var lines = text.split('\r\n');
         int count = 0;
         bool skip = false;
         foreach ( var line in lines )
         {
              if (String.IsWhiteSpace(line)) continue;
              if (line.startswith(single_line_comment)) continue;
              if (line.startswith(multi_line_comment_begin)) { skip = true; continue;}
              if (line.startswith(multi_line_comment_end)) {skip=false; continue;}
              if (!skip) count++;            
          }
         return count;
}

Today we continue to discuss some more of the authentication and authorization frameworks. In particular, we look at information rights management process such as in Oracle IRM. The process involved is as follows:
An author creates a document or an email on her desktop or notebook.
The document is sealed by the author when she publishes it. The document is then sent to the receiver
The receiver click on the document. The document is encrypted and cannot be opened without an installed IRM application. If the application is available, it can then be decrypted and shown to the receiver.
The components involved in this process include:
- an identity manager to centrally provision IRM users and entitlements.
 - a virtual directory to synchronize IRM users and groups
 - a Single sign on for desktop single sign on.
All user interfaces are consistent through out the users use of the applications and built on the same platform framework. The users have a seamless and familiar interface for access management. The identity management is provided by the Oracle Identity Manager. The identity management architecture is built on  a data tier that supports an operational db, an ID store, and an audit DB.  The Oracle web logic server is the layer above the data tier. This layer is responsible for all of domain template management, configurations, and installing, upgrading and patching.  The weblogic server maintains a unified, consolidated and consistent view over the ID store which includes membership providers such as Active Directory. The layer above the web logic server is the Fusion middleware services provides such functionality as
the ability to configure new metadata models
to provision new users or export user information to other systems
for users to administer their own profiles with fine grained entitlements
for policy management based on profiles
for creating and provisioning workflows that enables automation of IT tasks along with a Workflow visualizer and a designer.
a password management that includes self-service.
and audit and compliance management

decimal GetCountDuplicatesStandardDeviation (int [] A)

{


if (A == null) return 0;


return A.GetCountDuplicatesStandardDeviation();



}

Int GetDistinctMode (int [] A)
{



if (A == null) return 0;



return A.GetDistinctMode ();



}