May 30th, 2006


OpenID and SixApart

I've been getting an increasing number of inquiries lately into the state of SixApart's committment/involvement with OpenID now that David Recordon has left SixApart and moved to Verisign.

Hopefully this post will clarify the state of things.

I originally did OpenID as an independent side project, not officially sanctioned by work. I worked on integrating it into TypeKey and LiveJournal and tried to get others at work excited about it. David was one of the most excited, helping me do more LiveJournal integration work, etc. Mark Pascal and Brad Choate also got interested, working on the MovableType side.

(The evidence that OpenID isn't a company-wide thing shows in that TypePad still doesn't have OpenID consumer support.)

As OpenID got more popular and we started to talk to others in the identity space, I started to get overwhelmed and David jumped to my rescue, helping out in the diplomacy world. While I try my best to be patient, David wins hands down. He acted as my buffer and news filter to/from the community.

My goal with OpenID has always been one of pragmatism. I wanted to enable the most with the smallest spec. I wanted something so people could taste roamable identity with minimal effort. Yes, OpenID doesn't solve all problems, but that's a feature!

If solving 90% of use cases takes a 10 page spec, solving 95% often takes a 100 page spec, and 97.5% takes a 1000 page spec. I didn't want a huge spec. 90% is good enough.

My hope is that everything else can be layered atop OpenID as extensions.

This is why I haven't been incredibly thrilled about Sxip, etc. I think profile exchange should be an extension, as should third-party proofs, etc.

JanRain's OpenID extensions for simple registration (profile exchange) show this is possible, and can be done right. I totally applaud such efforts.

So what does David's departure mean for OpenID?

It means OpenID is better than ever! David can work on OpenID a lot more at Verisign. David and I still see other regularly, too, and we're continuing to work on OpenID. The current plan is to address all of the community's concerns:

1) turn the existing spec into a new document that looks more like what people in the identity community want to see. Also updating terminology in places that the identity community has agreed on terms. This is largely a reformatting problem. No OpenID spec changes will come out of this.

2) document the proper way to do OpenID extensions, documenting/referencing the JanRain SimpleReg spec for profile exchange. probaly also adding SimpleReg support to LJ.

3) update the then-reformatted spec to address community requests/confusion/concerns. More on this later. David and I have started to discuss it, but I don't want to misrepresent any of that here, so we'll let it happen on the mailing list.

I'll wrap this post by reiterating that:

1) OpenID is supposed to be small/simple/modular, and that's why the core shouldn't be moving/changing much anymore. It largely Just Works, modulo some confusion which better docs will help. The interesting work is on the edges/extensions/integration.

2) David's departure from SixApart is a good thing for OpenID. He left largely so he could work on identity more. See, for example, the Verisign Personal Identity Provider (PIP) that David and his group have been working on.