[OpenID board] BOARD VOTE: Motion to update Rails plugin and OpenID.net ...

Chris Messina chris.messina at gmail.com
Thu Dec 18 03:46:05 UTC 2008


Can I butt in?
There are a couple problems with this motion, and with RefreshMedia's
approach.

First, I need some more information:

* What was the wording of the motion to hire Refresh to build the election
site in the first place?
* Was OpenID authentication a requirement of the solution? I presume that it
was, and if so, the intention was to support the OpenID 2.0 specification
* If that was the case, did Refresh look into the existing
Rails OpenID plugin before they started their work? If they had, surely they
would have realized that the plugin would not pass muster for the task at
hand and that, to complete the work order, they would need to update the
plugin to support OpenID 2.0.
* If they did not look into the Rails OpenID plugin until later in the
project, or used the old plugin without modifying it, and then received
complaints because it didn't support OpenID 2.0, and then went with RPX
because it was a ready-made solution, then the problem here lies with
Refresh (coupled with the need for such vendor-selection decisions to be
made transparently).

In other words, if Refresh were hired to build the election system, and one
requirement of that work was to enable OpenID 2.0 authentication, plugin or
not, it was up to them to enable that functionality.

They ended up enabling the desired functionality by using RPX as a stopgap,
and now, as we would like to decouple the election system from a
vendor-specific solution, we're left with a non-functioning application.

I like the Refresh guys and think they've done good work, so I'm not out to
smudge them or anything, but it's hard for me to comprehend why we should
spend another $2000 on work that should already have been paid for, or have
been covered in the original work order.

Now, if that original work order was not specific about how OpenID was
intended to work (therefore OpenID 1.1 compatibility would meet the terms of
the agreement), then I suppose it does lie with the foundation to figure out
1) how to disentangle a vendor-specific solution (or to go about picking a
vendor solution in a fair/transparent process) and 2) how to re-enable the
sign in functionality of the election application given the state of the
Rails plugin.

The problem with Scott's motion is that it conflates several issues into
one:

* enabling OpenID 2.0 authentication for the election app without relying on
a vendor-specific solution
* updating the obsolete Rails OpenID plugin
* funding the development of open source software for a specific platform

I know that Scott was intending to address these three issues with this
motion, but as worded and proposed, fails to confront existing problems:
namely, should Refresh be responsible for delivering OpenID 2.0
functionality in the elections app given the money already spent?

If not, then we can look at sponsoring and updating the Rails plugin through
some other mechanism later. And if the elections app is not needed for some
time after the current election is over, then we can simply shut it down
pending community-led improvements to the Rails plugin.

We can certainly argue over how best to spend $2000 to facilitate
improvements of the OpenID libraries, but first we should ascertain whether
Refresh owes us a running implementation of OpenID 2.0 code given what was
already spent on their work.

Chris

P.S. Sorry if that was wordy; it's freezing in my apartment and moving my
fingers rapidly is keeping them warm!
On Wed, Dec 17, 2008 at 7:10 PM, Scott Kveton <scott at kveton.com> wrote:

> > I think I understand where you're coming from, but I'm not convinced it
> is
> > critical, and that's partly because I don't have an issue with us
> continuing
> > to use the JanRain RPX as long as everything is above board and
> transparent.
>
> Great.  We'll just switch it to the solution Vidoop (my company) is
> baking after the first of the year then.  I'm saying that a bit tongue
> in cheek but I think you get my point.
>
> > That said, I'm personally all for us setting aside a non-trivial portion
> of
> > the budget explicitly to fund open source development.  But that is for
> the
> > incoming board to decide and is worthy of a debate on its own.
>
> I'm actually -1 to this ... lord knows Google spends enough on this
> already ... :-)  Again, I'm not proposing to fund the creation of open
> source software for the sake of open source software; I'm saying let's
> make the membership software vendor neutral and release the results as
> open source.
>
> - Scott
> _______________________________________________
> board mailing list
> board at openid.net
> http://openid.net/mailman/listinfo/board
>



-- 
Chris Messina
Citizen-Participant &
 Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20081217/d32e5e7f/attachment-0002.htm>


More information about the board mailing list