[OpenID board] Ongoing maintenance of the OpenID libraries

Krall, Gary gkrall at verisign.com
Wed Jan 26 01:42:34 UTC 2011


Chris:
 
Just as a point on the curve JOID is also actively being maintained by us:  http://code.google.com/p/joid/
 
Gary.
-----Original Message-----
From: openid-board-bounces at lists.openid.net [mailto:openid-board-bounces at lists.openid.net]On Behalf Of Chris Messina
Sent: Thursday, January 20, 2011 9:59 AM
To: openid-board at lists.openid.net
Subject: Re: [OpenID board] Ongoing maintenance of the OpenID libraries


I'm reflecting both a general sense that I have about the libraries, as well as analysis from Will Norris — one of the few consistent contributors to various OpenID libraries/implementations (i.e. the WordPress OpenID plugin). 

Since I also maintain the list of OAuth libraries on the OAuth site, in contrast, I've seen much more activity with and interest in those libraries over the past year or so.

Dick may have a point that people have lost interest. I can't draw the same conclusion about the product that we're shipping, since third-party authentication has only become more common in the past year. Instead, it seems to me that there's probably an impression that the "project is dead" or that the core of the community has moved on to OAuth, since the capabilities that OAuth unlock are generally more interesting to people (and more relevant, given the various industry adoptions). While OAuth (1 or 2) doesn't solve all the most interesting problems, it solves the ones that people can get their heads around today, and that confront them immediately when trying to access user data or facilitate sign in.

Furthermore, without the community or the foundation taking a more active role in the development, improvement, and simplification of the libraries (or relying on Janrain, which gave up maintaining the libraries a long time ago), that responsibility has simply gone unserved. 

I appreciate John's point about openID4java being maintained — as part of another organization's toolkit, it makes sense that it would be maintained. What I'm worried about are all the libraries that fall under our purview and that are no longer being actively maintained.


Chris


On Thu, Jan 20, 2011 at 8:47 AM, Eric Sachs < esachs at google.com> wrote:


I certainly wouldn't mind if the libraries were organized better, however when we pole our current/targetted RPs about areas for improvement for the OpenID scenarios we support, the state of the libraries doesn't make it to the top 10 list.  The only exception is RPs who are trying to do both OpenID+OAuth and who not surprisingly complain about the OAuth1 signing issues. 

On Wed, Jan 19, 2011 at 6:40 PM, Chris Messina < chris.messina at gmail.com> wrote:


It has come to my attention that the maintenance of the OpenID libraries has fallen by the wayside in the past year. Since OpenID 2.0 is still the de facto latest version, I believe it is up to the foundation to make sure that we're keeping the existing libraries up to date. 

Specifically, since our code is hosted on GitHub, there have been several forks and subsequent pull requests posted to the PHP library:


https://github.com/openid/php-openid

 <https://github.com/openid/php-openid> Will Norris is reviewing these changes but I think this raises an important issue that we've neglected for some time — making the developer experience of integrating OpenID (beyond using an off-the-shelf solution like Janrain Engage) adequate. To that end, making sure that the libraries are open for improvements, and that we respond to pull requests in a timely fashion should be something that we prioritize in 2011.

If it's unclear who the current maintainers or owners are for the libraries, that's something we should absolutely address.

Chris

-- 
Chris Messina
Open Web Advocate, Google


Website: http://chrismessina.me
Blog:  http://chrismessina.me/b
Follow my updates: http://twitter.com/chrismessina 


This email is:   [ ] shareable    [X] ask first   [ ] private


_______________________________________________
board mailing list
board at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-board





_______________________________________________
board mailing list
board at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-board






-- 
Chris Messina
Open Web Advocate, Google


Website: http://chrismessina.me
Blog:  http://chrismessina.me/b
Follow my updates: http://twitter.com/chrismessina 


This email is:   [ ] shareable    [X] ask first   [ ] private

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20110125/0703ec09/attachment.html>


More information about the board mailing list