specs and implementations (Re: Problems with OpenID and TAG httpRange-14)

[Kevin Turner]

On Fri, 2008-03-21 at 09:38 -0700, Will Norris wrote:
> Regardless of what specific spec addition we're talking about, I don't
> think the technical difficulty to implement it should ever be a
> determining factor in weighing the merit of the proposal.

I disagree here.  We don't write specs just so people can appreciate the
abstract beauty of the models we describe.  We write specs so we can
have working code solving problems.  No specification should be
considered complete without at least one reference implementation, and
the complexity of implementation should be taken as feedback to the
developing specification.

The more complexity is required, the more expensive it is to implement
and test the specification, which directly impacts adoption.  And the
more error-prone the implementations will be, hampering
interoperability.

I think this idea is fairly central to OpenID.  As others have pointed
out time and time again, there are other systems that have pretty much
all the same properties as OpenID does, they may cover them in a more
rigorous fashion, they may have been around for years or decades, but
they don't have the appeal that OpenID does today.  I believe that is
because they were perceived as too inaccessible, or too expensive to
implement or integrate.

I'm not saying that Noah's proposed change is in any way impossible to
implement, but as a member of a team which maintains three OpenID
implementations, the cost is going to be a factor for me.  Most (if not
all) of the editors of the OpenID specification(s) to date have been
directly involved in implementation, and I doubt I am alone in this.

(And yes, I do recognize that I have, in the past, argued in favor of
things that were a lot more complex than this.  It's one factor among
many.)

 - Kevin