I'm reflecting both a general sense that I have about the libraries, as well as analysis from Will Norris — one of the few consistent contributors to various OpenID libraries/implementations (i.e. the WordPress OpenID plugin).<div>
<br></div><div>Since I also maintain the list of OAuth libraries on the OAuth site, in contrast, I've seen much more activity with and interest in those libraries over the past year or so.</div><div><br></div><div>Dick may have a point that people have lost interest. I can't draw the same conclusion about the product that we're shipping, since third-party authentication has only become more common in the past year. Instead, it seems to me that there's probably an impression that the "project is dead" or that the core of the community has moved on to OAuth, since the capabilities that OAuth unlock are generally more interesting to people (and more relevant, given the various industry adoptions). While OAuth (1 or 2) doesn't solve all the most interesting problems, it solves the ones that people can get their heads around today, and that confront them immediately when trying to access user data or facilitate sign in.</div>
<div><br></div><div>Furthermore, without the community or the foundation taking a more active role in the development, improvement, and simplification of the libraries (or relying on Janrain, which gave up maintaining the libraries a long time ago), that responsibility has simply gone unserved. </div>
<div><br></div><div>I appreciate John's point about <span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">openID4java being maintained — as part of another organization's toolkit, it makes sense that it would be maintained. What I'm worried about are all the libraries that fall under our purview and that are no longer being actively maintained.</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><br></span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">Chris</span></div>
<div><br><br><div class="gmail_quote">On Thu, Jan 20, 2011 at 8:47 AM, Eric Sachs <span dir="ltr"><<a href="mailto:esachs@google.com">esachs@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I certainly wouldn't mind if the libraries were organized better, however when we pole our current/targetted RPs about areas for improvement for the OpenID scenarios we support, the state of the libraries doesn't make it to the top 10 list. The only exception is RPs who are trying to do both OpenID+OAuth and who not surprisingly complain about the OAuth1 signing issues.<div>
<div><br><div class="gmail_quote"><div><div></div><div class="h5">On Wed, Jan 19, 2011 at 6:40 PM, Chris Messina <span dir="ltr"><<a href="mailto:chris.messina@gmail.com" target="_blank">chris.messina@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div class="h5">
It has come to my attention that the maintenance of the OpenID libraries has fallen by the wayside in the past year. Since OpenID 2.0 is still the de facto latest version, I believe it is up to the foundation to make sure that we're keeping the existing libraries up to date.<div>
<br></div><div>Specifically, since our code is hosted on GitHub, there have been several forks and subsequent pull requests posted to the PHP library:<br><div><br></div><div><a href="https://github.com/openid/php-openid" target="_blank">https://github.com/openid/php-openid</a></div>
<div><br></div><div><a href="https://github.com/openid/php-openid" target="_blank"></a>Will Norris is reviewing these changes but I think this raises an important issue that we've neglected for some time — making the developer experience of integrating OpenID (beyond using an off-the-shelf solution like Janrain Engage) adequate. To that end, making sure that the libraries are open for improvements, and that we respond to pull requests in a timely fashion should be something that we prioritize in 2011.</div>
<div><br></div><div>If it's unclear who the current maintainers or owners are for the libraries, that's something we should absolutely address.</div><div><br></div><div>Chris<br clear="all"><br>-- <br>Chris Messina<br>
Open Web Advocate, Google<br><br><div>Website: <a href="http://chrismessina.me" target="_blank">http://chrismessina.me</a></div><div>Blog: <a href="http://chrismessina.me/b" target="_blank">http://chrismessina.me/b</a><br>
Follow my updates: <a href="http://twitter.com/chrismessina" target="_blank">http://twitter.com/chrismessina</a> <br></div><div><br></div>This email is: [ ] shareable [X] ask first [ ] private<br>
</div></div>
<br></div></div><div class="im">_______________________________________________<br>
board mailing list<br>
<a href="mailto:board@lists.openid.net" target="_blank">board@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-board" target="_blank">http://lists.openid.net/mailman/listinfo/openid-board</a><br>
<br></div></blockquote></div><br></div></div>
<br>_______________________________________________<br>
board mailing list<br>
<a href="mailto:board@lists.openid.net">board@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-board" target="_blank">http://lists.openid.net/mailman/listinfo/openid-board</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Open Web Advocate, Google<br><br><div>Website: <a href="http://chrismessina.me" target="_blank">http://chrismessina.me</a></div><div>Blog: <a href="http://chrismessina.me/b" target="_blank">http://chrismessina.me/b</a><br>
Follow my updates: <a href="http://twitter.com/chrismessina" target="_blank">http://twitter.com/chrismessina</a> <br></div><div><br></div>This email is: [ ] shareable [X] ask first [ ] private<br>
</div>