[OpenID] WantToDo, enterprise intranet OpenID provider
Paul C. Bryan
email at pbryan.net
Fri Jul 27 16:54:19 UTC 2007
Hi Frans:
> yah paul, will you explain what is "work in other contexts"
The OpenID Extension is a Java-based implementation of an OpenID 1.1
provider. It was originally implemented for OpenSSO; in the Alpha2
release I generalized the bindings to allow it to run in any JEE
container that implements HttpServletRequest.getUserPrincipal().
So, you should be able to use your favourite JEE container, implement
container-managed authentication through its supported authentication
modules, and you'll have a working OpenID provider.
Alpha2 has preliminary support for simple reg, and provides a highly
configurable user interface (through CSS and JavaServer Faces). You'll
probably want to extend it to persist the registration information and
trust decisions.
Alpha3 (work in progress, I can be encouraged/bribed/coerced to
finish it sooner than later) has service provider interfaces and
example modules for registration information and trust decision
persistence.
> can the openid extension work as standalone out of opensso.
Yes. Simply don't configure the container to use the included OpenSSO
servlet filter (which is used to implement
HttpServletRequest.getUserPrincipal() by connecting to the OpenSSO
server) and instead use application server container-managed
authentication.
> if you share the architecture that will be cool
I will eventually go and document the architecture. That will probably
be after the Alpha3 release.
If you want to see a great example of the Alpha2 code in action
(extended to support persistent registration and trust information),
check out http://ssocircle.com. Sun Microsystems is also using Alpha2
for its own OpenID provider, but it's only available to Sun employees.
Paul
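
An added illustration of the binding described in the message above, not code from the OpenID Extension: a servlet filter that lets a checkid_setup request through only when the container has authenticated a user and the requested openid.identity belongs to that user. The class name, the identifier prefix and the one-URL-per-user-name mapping are assumptions made for the example.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not part of the OpenID Extension), javax.servlet API.
public class PrincipalIdentityFilter implements Filter {
    // Assumed identifier layout: one URL per container user name.
    static final String ID_PREFIX = "https://id.example.com/users/";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Only browser-driven checkid_setup requests carry an end user;
        // other modes are passed through untouched.
        if ("checkid_setup".equals(req.getParameter("openid.mode"))) {
            Principal user = req.getUserPrincipal();
            if (user == null) {
                // Container-managed authentication did not run: fail closed.
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            if (!owns(user.getName(), req.getParameter("openid.identity"))) {
                // Authenticated, but asking for someone else's identifier.
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(rq, rs);
    }

    // True only when the claimed identifier is exactly the URL derived from
    // the authenticated principal name ("/" is encoded, so a name cannot
    // add path segments).
    static boolean owns(String principalName, String claimedIdentity)
            throws IOException {
        String expected = ID_PREFIX + URLEncoder.encode(principalName, "UTF-8");
        return expected.equals(claimedIdentity);
    }
}
```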