[OpenID] "getting started" (was BoF at RSA)
SitG Admin
sysadmin at shadowsinthegarden.com
Sat Apr 12 08:27:12 UTC 2008
>* Little or no way to deal with "getting started"
I'm publishing my source code on my site, and I encourage others to
do the same, but I'm leery of my current efforts for several reasons:
1) There's still a lot of development work to be done to bring the
site from "where it is now" to "where I want it to be", and that
means the code will constantly be in a state of flux until then.
Keeping the source updated would be a pain.
2) The security of my implementation is potentially broken. This is
another reason I've been cautious about publishing all the code; if
there *is* a vulnerability, any casual visitor can freely examine the
code to find it (which is what I want, so such things can be found
and pointed out, but I'm afraid that a malicious user will find it
*first*). More importantly, though, people shouldn't be copying my
code if it would expose them to attacks.
3) I'm managing the site in a particular way, and this way is far
from efficient. It's okay since I'm only running a small-scale
Consumer, and I'm fine with improving it later on when/if the load
increases - the important thing was to have a basic working Consumer
*now* rather than when it's perfected. But this IS "getting started";
a basic Consumer will buy newcomers the time they need to work on
something suited to their own needs; the main problem is that my code
isn't suited for large-scale sites. Additionally, it's written in PHP
(which not everyone knows) and relies heavily on Apache's redirect
module (which not all servers have, and not all sites can use), so
it's not very portable.
-Shade