<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=Windows-1252">
<META content="MSHTML 5.00.3884.1600" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT color=#0000ff face=Verdana size=2><SPAN
class=520114101-26012011>Chris:</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana size=2><SPAN
class=520114101-26012011></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana size=2><SPAN class=520114101-26012011>Just
as a point on the curve JOID is also actively being maintained by us: <A
href="http://code.google.com/p/joid/">http://code.google.com/p/joid/</A></SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana size=2><SPAN
class=520114101-26012011></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana size=2><SPAN
class=520114101-26012011>Gary.</SPAN></FONT></DIV>
<DIV align=left class=OutlookMessageHeader dir=ltr><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
openid-board-bounces@lists.openid.net
[mailto:openid-board-bounces@lists.openid.net]<B>On Behalf Of </B>Chris
Messina<BR><B>Sent:</B> Thursday, January 20, 2011 9:59 AM<BR><B>To:</B>
openid-board@lists.openid.net<BR><B>Subject:</B> Re: [OpenID board] Ongoing
maintenance of the OpenID libraries<BR><BR></FONT></DIV>I'm reflecting both a
general sense that I have about the libraries, as well as analysis from Will
Norris — one of the few consistent contributors to various OpenID
libraries/implementations (i.e. the WordPress OpenID plugin).
<DIV><BR></DIV>
<DIV>Since I also maintain the list of OAuth libraries on the OAuth site, in
contrast, I've seen much more activity with and interest in those libraries over
the past year or so.</DIV>
<DIV><BR></DIV>
<DIV>Dick may have a point that people have lost interest. I can't draw the same
conclusion about the product that we're shipping, since third-party
authentication has only become more common in the past year. Instead, it seems
to me that there's probably an impression that the "project is dead" or that the
core of the community has moved on to OAuth, since the capabilities that OAuth
unlock are generally more interesting to people (and more relevant, given the
various industry adoptions). While OAuth (1 or 2) doesn't solve all the most
interesting problems, it solves the ones that people can get their heads around
today, and that confront them immediately when trying to access user data or
facilitate sign in.</DIV>
<DIV><BR></DIV>
<DIV>Furthermore, without the community or the foundation taking a more active
role in the development, improvement, and simplification of the libraries (or
relying on Janrain, which gave up maintaining the libraries a long time ago),
that responsibility has simply gone unserved. </DIV>
<DIV><BR></DIV>
<DIV>I appreciate John's point about <SPAN class=Apple-style-span
style="BORDER-COLLAPSE: collapse; FONT-FAMILY: arial, sans-serif; FONT-SIZE: 13px">openID4java
being maintained — as part of another organization's toolkit, it makes sense
that it would be maintained. What I'm worried about are all the libraries that
fall under our purview and that are no longer being actively
maintained.</SPAN></DIV>
<DIV><SPAN class=Apple-style-span
style="BORDER-COLLAPSE: collapse; FONT-FAMILY: arial, sans-serif; FONT-SIZE: 13px"><BR></SPAN></DIV>
<DIV><SPAN class=Apple-style-span
style="BORDER-COLLAPSE: collapse; FONT-FAMILY: arial, sans-serif; FONT-SIZE: 13px">Chris</SPAN></DIV>
<DIV><BR><BR>
<DIV class=gmail_quote>On Thu, Jan 20, 2011 at 8:47 AM, Eric Sachs <SPAN
dir=ltr><<A href="mailto:esachs@google.com">esachs@google.com</A>></SPAN>
wrote:<BR>
<BLOCKQUOTE class=gmail_quote
style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex">I
certainly wouldn't mind if the libraries were organized better, however when
we pole our current/targetted RPs about areas for improvement for the OpenID
scenarios we support, the state of the libraries doesn't make it to the top 10
list. The only exception is RPs who are trying to do both OpenID+OAuth
and who not surprisingly complain about the OAuth1 signing issues.
<DIV>
<DIV><BR>
<DIV class=gmail_quote>
<DIV>
<DIV></DIV>
<DIV class=h5>On Wed, Jan 19, 2011 at 6:40 PM, Chris Messina <SPAN
dir=ltr><<A href="mailto:chris.messina@gmail.com"
target=_blank>chris.messina@gmail.com</A>></SPAN> wrote:<BR></DIV></DIV>
<BLOCKQUOTE class=gmail_quote
style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex">
<DIV>
<DIV></DIV>
<DIV class=h5>It has come to my attention that the maintenance of the OpenID
libraries has fallen by the wayside in the past year. Since OpenID 2.0 is
still the de facto latest version, I believe it is up to the foundation to
make sure that we're keeping the existing libraries up to date.
<DIV><BR></DIV>
<DIV>Specifically, since our code is hosted on GitHub, there have been
several forks and subsequent pull requests posted to the PHP library:<BR>
<DIV><BR></DIV>
<DIV><A href="https://github.com/openid/php-openid"
target=_blank>https://github.com/openid/php-openid</A></DIV>
<DIV><BR></DIV>
<DIV><A href="https://github.com/openid/php-openid" target=_blank></A>Will
Norris is reviewing these changes but I think this raises an important issue
that we've neglected for some time — making the developer experience of
integrating OpenID (beyond using an off-the-shelf solution like Janrain
Engage) adequate. To that end, making sure that the libraries are open for
improvements, and that we respond to pull requests in a timely fashion
should be something that we prioritize in 2011.</DIV>
<DIV><BR></DIV>
<DIV>If it's unclear who the current maintainers or owners are for the
libraries, that's something we should absolutely address.</DIV>
<DIV><BR></DIV>
<DIV>Chris<BR clear=all><BR>-- <BR>Chris Messina<BR>Open Web Advocate,
Google<BR><BR>
<DIV>Website: <A href="http://chrismessina.me"
target=_blank>http://chrismessina.me</A></DIV>
<DIV>Blog: <A href="http://chrismessina.me/b"
target=_blank>http://chrismessina.me/b</A><BR>Follow my updates: <A
href="http://twitter.com/chrismessina"
target=_blank>http://twitter.com/chrismessina</A> <BR></DIV>
<DIV><BR></DIV>This email is: [ ] shareable [X] ask
first [ ] private<BR></DIV></DIV><BR></DIV></DIV>
<DIV class=im>_______________________________________________<BR>board
mailing list<BR><A href="mailto:board@lists.openid.net"
target=_blank>board@lists.openid.net</A><BR><A
href="http://lists.openid.net/mailman/listinfo/openid-board"
target=_blank>http://lists.openid.net/mailman/listinfo/openid-board</A><BR><BR></DIV></BLOCKQUOTE></DIV><BR></DIV></DIV><BR>_______________________________________________<BR>board
mailing list<BR><A
href="mailto:board@lists.openid.net">board@lists.openid.net</A><BR><A
href="http://lists.openid.net/mailman/listinfo/openid-board"
target=_blank>http://lists.openid.net/mailman/listinfo/openid-board</A><BR><BR></BLOCKQUOTE></DIV><BR><BR
clear=all><BR>-- <BR>Chris Messina<BR>Open Web Advocate, Google<BR><BR>
<DIV>Website: <A href="http://chrismessina.me"
target=_blank>http://chrismessina.me</A></DIV>
<DIV>Blog: <A href="http://chrismessina.me/b"
target=_blank>http://chrismessina.me/b</A><BR>Follow my updates: <A
href="http://twitter.com/chrismessina"
target=_blank>http://twitter.com/chrismessina</A> <BR></DIV>
<DIV><BR></DIV>This email is: [ ] shareable [X] ask
first [ ] private<BR></DIV></BODY></HTML>