[OpenID] JanRain library licensing (was: Re: On OpenID 2.0)

[Guido Sohne]

On 5/18/07, Jonathan Daugherty <cygnus at janrain.com> wrote:
> # Recently, a client needed an OpenID server. They were using
> # Erlang. No JanRain for me, so I wrote an OpenID 1.1 server. How does
> # depending on a single family of excellent libraries help when they
> # aren't available in the target platform?
>
> This is a straw man.  Of *course* you can't depend on a library that
> doesn't exist.  So, sure, you either write one for your platform of
> choice or change your platform.  Come on.

Granted. But a bit of focus on interop and tests for checking
implementations (even yours) conform with each other is going to clean
up a lot of the numerous bugs that probably lurk. Between 'designated
implementations' and 'conformance tests', the point I am making is you
can't avoid having good tests, and you don't - for your own
implementations, as echoed above where a lot of the 290K is in tests.
I think that's a good thing but even better would be to spread the
goodness around.

> # +1 - it was very useful to run against the JanRain acceptance tests
> # but I believe they could be a little more thorough.
>
> For the record, we did put some time into writing those and haven't
> given up on updating and improving them; however, we'd *love* to get
> helpers because there are a lot of other things we have to do.

Is there source available for the tests at openidenabled.com? Should
JanRain's tests be BSD licensed so that they can be reused in closed
source projects? I'm not about to tell you what to do with your code,
but you do have great and very thorough tests.

> # But on a parting note: the poor, poor JanRain people. They had to
> # code in PHP (the horrors!) and then they say the code isn't wanted?
>
> Did we say that?

Sorry for the confusion. I meant to say the Drupal guys said that. I
had meant to offer a bit of sympathy, because I consider PHP to be the
devil's work ...

-- G.