| Sun & OpenID |
[May. 15th, 2007|09:34 am] |
This is good for OpenID...
Sun just pre-announced their OpenID IP Non-Assertion Covenant, saying very clearly and strongly that they won't assert any patent claims against anybody implementing OpenID, as long as said person/company doesn't assert any patents against any other OpenID implementation (not just against Sun). And also said they don't necessarily have any relevant patent claims. etc, etc.
The official legalese (going up on their website soon) is actually very readable. Thanks, Sun!
Basically big company making public statement that OpenID is safe and preventing anybody from suing anybody.
Patent cold war == good thing (considering current patent situation).
( Picture stolen from David... ) |
|
|
| AOL supporting OpenID |
[Feb. 16th, 2007|05:25 pm] |
Yes, friends, AOL is now supporting OpenID.
I figured I'd better say something so everybody stops spamming me about it. :-)
Microsoft, AOL, Verisign, Symantec, .... anybody else I'm forgetting? Good times. |
|
|
| Microsoft & OpenID |
[Feb. 6th, 2007|09:54 am] |
So Bill Gates just announced earlier this morning (while I was sleeping in / recovering) that Microsoft is supporting OpenID.
When I made OpenID, I intentionally left the method of authentication undefined. (feature, not a bug!)
Now people ask me what I think about Microsoft supporting it, using their InfoCards as the method of authentication.... I think it's great! So far I've seen Kerberos integration for OpenID, voiceprint biometric auth (call a number and read some words), Jabber JID-Ping auth, etc.... all have different trade-offs between convenience and security. But as more people have CardSpace on their machines, users should get both convenience and security. (sorry, I'm not totally up on all the details... just seen demos....)
Anyway, I and others at Six Apart are thrilled to see Microsoft supporting OpenID. Kudos!
Other news from the blagosphere:
http://www.identityblog.com/?p=668
https://blogs.verisign.com/infrablog/2007/02/verisign_microsoft_partners_to_1.php
http://kveton.com/blog/?p=221
http://www.sxip.com/newsitem-microsoft_openid_community_sxip_janrain_verisign
http://netmesh.info/jernst/Digital_Identity/cardspace-openid.html
http://yro.slashdot.org/yro/07/02/06/2152214.shtml |
|
|
| OpenID in Firefox 3?! |
[Jan. 11th, 2007|10:36 am] |
What's this I hear about OpenID planned for Firefox 3?
Anybody know more?
I'm excited that OpenID adoption is picking up!
(I've even got Ben to add RP/Consumer support to Vox... he just needs to hide a bunch of things in the UI when you're logged in as an OpenID user that you can't do as a "half user"...) |
|
|
| OpenID popularity |
[Nov. 11th, 2006|10:18 am] |
I'm getting a steady volume of Google Alerts about OpenID lately, so I checked out Google Trends:
http://www.google.com/trends?q=openid
Look at all the interest from Russia.... wow. |
|
|
| OpenID vs. Roboform |
[Sep. 1st, 2006|11:32 pm] |
Heh.... CNET Article on OpenID vs the comments on that post:
"You should use Roboform!"
"Upgrade to a Mac and use Keychain!"
"I love Roboform!"
Heh.
Not quite getting it, y'all. |
|
|
| OpenID and SixApart |
[May. 30th, 2006|10:58 am] |
I've been getting an increasing number of inquiries lately into the state of SixApart's committment/involvement with OpenID now that David Recordon has left SixApart and moved to Verisign.
Hopefully this post will clarify the state of things.
I originally did OpenID as an independent side project, not officially sanctioned by work. I worked on integrating it into TypeKey and LiveJournal and tried to get others at work excited about it. David was one of the most excited, helping me do more LiveJournal integration work, etc. Mark Pascal and Brad Choate also got interested, working on the MovableType side.
(The evidence that OpenID isn't a company-wide thing shows in that TypePad still doesn't have OpenID consumer support.)
As OpenID got more popular and we started to talk to others in the identity space, I started to get overwhelmed and David jumped to my rescue, helping out in the diplomacy world. While I try my best to be patient, David wins hands down. He acted as my buffer and news filter to/from the community.
My goal with OpenID has always been one of pragmatism. I wanted to enable the most with the smallest spec. I wanted something so people could taste roamable identity with minimal effort. Yes, OpenID doesn't solve all problems, but that's a feature!
If solving 90% of use cases takes a 10 page spec, solving 95% often takes a 100 page spec, and 97.5% takes a 1000 page spec. I didn't want a huge spec. 90% is good enough.
My hope is that everything else can be layered atop OpenID as extensions.
This is why I haven't been incredibly thrilled about Sxip, etc. I think profile exchange should be an extension, as should third-party proofs, etc.
JanRain's OpenID extensions for simple registration (profile exchange) show this is possible, and can be done right. I totally applaud such efforts.
So what does David's departure mean for OpenID?
It means OpenID is better than ever! David can work on OpenID a lot more at Verisign. David and I still see other regularly, too, and we're continuing to work on OpenID. The current plan is to address all of the community's concerns:
1) turn the existing spec into a new document that looks more like what people in the identity community want to see. Also updating terminology in places that the identity community has agreed on terms. This is largely a reformatting problem. No OpenID spec changes will come out of this.
2) document the proper way to do OpenID extensions, documenting/referencing the JanRain SimpleReg spec for profile exchange. probaly also adding SimpleReg support to LJ.
3) update the then-reformatted spec to address community requests/confusion/concerns. More on this later. David and I have started to discuss it, but I don't want to misrepresent any of that here, so we'll let it happen on the mailing list.
I'll wrap this post by reiterating that:
1) OpenID is supposed to be small/simple/modular, and that's why the core shouldn't be moving/changing much anymore. It largely Just Works, modulo some confusion which better docs will help. The interesting work is on the edges/extensions/integration.
2) David's departure from SixApart is a good thing for OpenID. He left largely so he could work on identity more. See, for example, the Verisign Personal Identity Provider (PIP) that David and his group have been working on. |
|
|
| OpenID and Subversion |
[Mar. 21st, 2006|12:44 am] |
Artur, David and I discussed how to make Subversion commits using OpenID authentication work today, without changing the subversion client.
Nutshell: client-side tiny HTTP proxy that does the OpenID protocol. Then transmitted user/pass is URL/signature. (well, signature with unixtime that's close to the server's unixtime, so server can implement, say, 24 hour anti-replay cache)
Result: we can grant people commit just by their URL, without giving them a username/password. And don't have to deal with "But I want to change my password!" crap.
Anybody want to hack it? |
|
|
| OpenID in TypeKey |
[Sep. 21st, 2005|12:23 pm] |
The TypeKey that speaks OpenID is live!
Just go rebuild your TypeKey profile page (tinker with your profile or something) and then you can use your profile URL as your OpenID on LiveJournal.com/etc. |
|
|
| an OpenID registrar |
[Sep. 7th, 2005|12:01 am] |
Check it out, an OpenID registrar:
http://www.videntity.org/
I wonder if they'll beat TypeKey to launch. |
|
|
| openid in movable type 3.2 |
[Aug. 25th, 2005|11:53 am] |
The just-released Movable Type 3.2 [download] includes both an OpenID server and consumer plugin. They're not enabled by default, but this is a good first step.
Props to Mark Paschal for doing all the OpenID <-> integration work. |
|
|
| Planetwork talk |
[Jul. 20th, 2005|12:56 pm] |
I'm talking for like 7 minutes at this:
http://www.kaliyasblogs.net/Iwoman/?p=54
Thursady, July 28th doors at 6, program at 7
CIIS, Namaste Hall,3rd Floor
1453 Mission St. San Francisco (2 blocks from Civic Center BART)
LID, OpenID, Sun SSO, Opinity..... |
|
|
| Bugs, Meetings, Testing |
[Jul. 10th, 2005|11:46 pm] |
So the combination of like four of us teamed up to contribute seemingly benign patches which in combination produced a bug that was caught and fixed within hours of release.
It was suggested that we have a post-mortem to discuss it, but I, being stubborn, said I wouldn't be attending, since we'd already had a suitable (I thought) post-mortem with the developers involved the night of the bug, and we'd recently had a long post-mortem for another unrelated issue that ended up covering tons of stuff, so I thought nothing new could come of this 3rd post-mortem that wasn't already covered in the first two, short of playing the blame game or something.
Ah, but I was wrong.
While I wanted to avoid a meeting and perhaps hack, it appears my time savings argument was fruitless as I've likely spent more time reading/writing emails about the meeting and the issue than the proposed meeting would've taken had I just attended.
So I admit defeat, and in addition to having spent time and my precious wrists/fingers writing emails, I will also be attending the meeting, if only to cut my losses and not type anymore.
But it might be fun as I'd love to discuss writing a test suite to cover the entirety of LiveJournal. Historically I've shunned tests, mostly because anything non-trivial I work with is distributed on lots of machines, deals with timing, and is just generally a bitch to test accurately. Lately, however, I've had success writing test suites of pretty complicated things, like LWPx::ParanoidAgent, OpenID, and just this weekend with Ben, Gearman (which Ben pretty much did).
So I'm warming up to automated testing, especially considering it'd be something the sysadmins could run first to feel better about code being pushed, and there'd be proof in the code repo that a test was or was not written. (which there would then be policy to include)
In conclusion: fun, fun. |
|
|