[OpenID] OpenID PHP5 Zend Framework Library

Pádraic Brady padraic.brady at yahoo.com
Mon Feb 26 22:17:02 UTC 2007

Hi Jonathan,

You see its not even a question of whether the Janrain library is or is not capable of integration - it definitely is. But the Zend Framework is governed by Zend Technologies and it's primary purpose is to become an attractive framework for companies and the enterprise segment - as well as us developers obviously. That goal bears a few strict requirements a bit exceptional for a PHP open source project, foremost of which is a clean copyright/IP record with a paper trail. I had to submit a signed license agreement, for example, just to get subversion and contributor access to submit a handful of documentation edits. The second is that because of those requirements, core components must be written from scratch with a clear record of its progress. Hence the proposal and offsite subversion repository since its an obvious audit trail.

As for a *second* PHP library - I completely agree its blatant NIH (Not Invented Here) practice but that's what is required in order for OpenID support to be integrated directly into the Zend Framework under a New BSD License and the clean IP policy, as well its PHP5-only rules. Hence why I had to note it's not a side swipe at the Janrain library ;). It's not and I didn't want anyone wrongly interpreting it that way. But that's the reasoning - if we want to add integrated OpenID, we have to start from a blank slate.

>In summary, it's *great* that you're picking up OpenID and integrating
>it into a framework.  However, I'm a bit skeptical about the decision
>to write another Yadis implementation (and, later, an OpenID
>implementation).  These things are non-trival and error-prone.

They are indeed error prone - I've worked on implementing OpenID in the past under PHP (where we've internally been using the JanRain library ;)) and Ruby and had some fun figuring out issues where folk were making modifications to fit an application's extra needs/limitations. I have a fairly good understanding of the specifications involved having studied them before we were implementing OpenID. From my side its largely a matter of breaking down the specs into digestable chunks, implementing them in stages, and covering myself with unit tests where it makes sense - combined with lots of coffee and swearing at my monitor ;). Not the most scientific approach - the component only has a handful of public methods worth unit testing so there is a ton of functional testing in the background to narrow down the location of any failures.

Anyway, hopefully the above explains more on the "why" of a second library. It's completely framework-centric in its motivations - even I still intend using the Janrain library outside of my Zend Framework based work :).

Best regards,

Pádraic Brady

----- Original Message ----
From: Jonathan Daugherty <cygnus at janrain.com>
To: Pádraic Brady <padraic.brady at yahoo.com>
Cc: general at openid.net
Sent: Monday, February 26, 2007 7:44:03 PM
Subject: Re: [OpenID] OpenID PHP5 Zend Framework Library

# The Zend Framework is a PHP5 application framework sponsored by Zend
# (that PHP company). As they are nearing a beta release for March, I
# have started formal proposal to implement native OpenID support
# within the framework. The initial proposal to kickstart the process
# is a new Zend_Service_Yadis component.

This is great to hear.

# Also the ZF is PHP5 specific, meaning many of the current PHP-OpenID
# libraries classes would need to be added to and expanded regardless
# (e.g. Sockets based HTTP client, PDO, SimpleXML parser).

FWIW, there is already a sockets-based HTTP client in our library (the
Janrain library).  I don't know about SimpleXML, but DOM is the de
facto XML extension for PHP 5 as far as I know, and our library
already supports that.  And as for PDO, well, we can add support for
that.  (To date, nobody has requested it, however.)

# I'd just like to note this separate PHP project is primarily for
# Zend Framework integration and is not the result of any disagreement
# or criticism of that library - it's purely an exercise to bring
# OpenID into a pure PHP5 flavour in agreement with the Framework's
# stated goals.

Thanks for pointing that out.  Can you provide a list of stated goals
that you're moving toward?  We want to know if we can make changes to
the existing library to make it more compatible with your framework.
(Obviously, PHP-5-only code isn't really an option, as we have to
support a larger user base, and PHP 4 is by a very large margin the
most widely-deployed major version of PHP.)

In summary, it's *great* that you're picking up OpenID and integrating
it into a framework.  However, I'm a bit skeptical about the decision
to write another Yadis implementation (and, later, an OpenID
implementation).  These things are non-trival and error-prone.  I
would rather work with you to see if there are ways to bring the
Janrain library into better conformance with your framework; then, you
can forget about the job of making OpenID work, and move on with using
OpenID in your applications.

Thanks and good luck,

  Jonathan Daugherty
  JanRain, Inc.
  irc.freenode.net: cygnus in #openid

Never Miss an Email
Stay connected with Yahoo! Mail on your mobile.  Get started!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070226/47a7ed48/attachment-0002.htm>

More information about the general mailing list