[OpenID board] BOARD VOTE: Motion to update Rails plugin and OpenID.net ...

Scott Kveton scott at kveton.com
Fri Dec 19 02:26:46 UTC 2008


> First, I need some more information:
> * What was the wording of the motion to hire Refresh to build the election
> site in the first place?

The motion was approved during the 3/13/2008 board meeting:

http://docs.google.com/View?docid=dg3mt5r8_4d6dc32hj

and you can see the attached proposal from Refresh Media that was
signed by the Foundation.

Neither make any mention of "OpenID 2.0" support.

> * Was OpenID authentication a requirement of the solution? I presume that it
> was, and if so, the intention was to support the OpenID 2.0 specification
> * If that was the case, did Refresh look into the existing
> Rails OpenID plugin before they started their work? If they had, surely they
> would have realized that the plugin would not pass muster for the task at
> hand and that, to complete the work order, they would need to update the
> plugin to support OpenID 2.0.

I believe it was assumed that the Rails plugin would support the
OpenID 2.0 specification without question.  From my discussions with
the Refresh folks, they said that it works in about 90% of the use
cases but falls down on XRI's and directed identity (a big one for
Google and Yahoo).

> In other words, if Refresh were hired to build the election system, and one
> requirement of that work was to enable OpenID 2.0 authentication, plugin or
> not, it was up to them to enable that functionality.

To the letter of the agreement, they were not required to do this ...
however, technically they did provide it by going with RPX because
nothing in the agreement limited them from going with a solution like
that.

> The problem with Scott's motion is that it conflates several issues into
> one:
> * enabling OpenID 2.0 authentication for the election app without relying on
> a vendor-specific solution
> * updating the obsolete Rails OpenID plugin
> * funding the development of open source software for a specific platform
> I know that Scott was intending to address these three issues with this
> motion, but as worded and proposed, fails to confront existing problems:
> namely, should Refresh be responsible for delivering OpenID 2.0
> functionality in the elections app given the money already spent?

Since the motion nor the agreement specify this, its hard to put that
on them.  It was our fault for not clarifying or doing due diligence
on the platform we chose, etc.  Also, they technically did what they
were asked to do to the letter of the agreement and then some; they
got it working with RPX when it wasn't working otherwise.

> If not, then we can look at sponsoring and updating the Rails plugin through
> some other mechanism later. And if the elections app is not needed for some
> time after the current election is over, then we can simply shut it down
> pending community-led improvements to the Rails plugin.

+1.

- Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenID Foundation Proposal.pdf
Type: application/pdf
Size: 112888 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20081218/dcdc2155/attachment-0002.pdf>


More information about the board mailing list