[OpenID] JanRain library licensing (was: Re: On OpenID 2.0)

[Josh Hoyt]

On 5/10/07, James Walker <walkah at walkah.net> wrote:
> I'll close with this too - as someone who has implemented a lot of "open
>  specs" in the past couple years - having multiple implementations in
> the wild is actually a very good thing... I've found anyway. Helps make
> sure we're reading and writing to the spec appropriately ...

Sorry to single you out, James, but I'm tired of hearing this
justification for *yet another* implementation. The rest of this
message is about this topic in general and not directed solely at you.

There are already many implementations. If your interest is in
interoperability or spec conformance, your time would be much better
spent working on conformance testing tools or just testing *existing*
implementations against each other. One of the reasons that I always
encourage people to use the libraries that JanRain wrote is so that
we'll get more in-the-wild testing in different environments and get
feedback that helps us resolve issues.

Too many implementations cause at least as many problems as too few.
I'd much rather have a smaller set of libraries that have had more
testing and more review by OpenID, security, and programming experts.

If you're interested in understanding the protocol, I think that
reviewing the code for existing libraries (and especially asking
questions or filing bugs if you spot a mistake) is an excellent way,
probably better than writing your own. Send patches! Send criticism!
Participate!

We-already-have-five-of-that-wheel-ly yours,
Josh