[OpenID] JanRain library licensing (was: Re: On OpenID 2.0)
Christopher St John
ckstjohn at gmail.com
Sat May 12 00:32:05 UTC 2007
On 5/11/07, Jonathan Daugherty <cygnus at janrain.com> wrote:
>
> # Generally, it will be completely obvious which implementation to
> # pick, since it will be at the top of any Google search, followed by
> # things like my imaginary Haskell implementation.
>
> Sure, it will be pretty clear which one is more mature, etc. That's
> *already* true. And yet, it hasn't stopped broken implementations
> from being created or used.
>
Well, rather than trying to stop people from implementing
the spec, it might be better to work on making the spec
easier to implement and verify. That involves clarifying
wording, adding addenda, and lots of non-normative
text giving the experience of previous implementors. Plus
conformance tests. It's a lot of work, but, you know, it's kind of
traditional.
What ended up happening for SOAP (an absolute interop
nightmare) was the implementors hosted latest-and-greatest
code on known endpoints.
There was a more-or-less standard set of conformance
tests that exercised known tricky areas. The tests showed
the exact sequence of calls and content, so it was easy
to verify behavior. (That's trickier with nonces and such,
but there are ways around it) Tricky areas in this case
might be having a set of "should be rejected" tests with
bad hashes, for example.
It was all very low-overhead but made it very obvious who
was with the program in terms of conformance (comparison
against the spec) and interop (comparison against other
implementations) Writing the conformance tests was a huge
help in clarifying the spec, since it forced people to confront
ambiguous areas and holes.
There's no defense against people who refuse to RTFM,
but it is possible to make it easier for conscientious
implementors and developers.
Just a thought.
-cks
--
Christopher St. John
http://artofsystems.blogspot.com
More information about the general
mailing list