[OpenID] Changes to the OpenID Foundation member page login

[Scott Kveton]

> Refresh Media is the contractor that the OIDF hired to design and implement
> the polling and elections platforms.  Several weeks ago after an OIDF
> meeting we decided we wanted to make sure that the polling and elections
> platform were going to be operational in time for an end of the year
> election.  At the time Bill Washburn was incapacitated due to some medical
> problems, so I volunteered to work with Mike Jones and Refresh Media to make
> sure the system was operational in time for the elections.

How come Mike wasn't asked about using RPX on OpenID.net?

> "Our experience with the "official" Rails plugins for OpenID authentication
> has been pretty bad over the last two months.  Specifically, it's been a
> struggle to get it up to speed with the OpenID 2.0 spec, most significantly
> adding support for i-names and directed identity.  There would have been
> probably another week of development required to overhaul the plugin, but
> there wasn't enough time to do a proper job for the board elections.
>  JanRain offered RPX as an alternative to get us up and running more
> quickly.  We sent Bill Washburn an e-mail in to check to make sure this was
> a reasonable approach, but after not hearing back from him made the switch
> when the situation became urgent."

Is anybody working with the Rails community to see that this gets
remedied?  Can anybody volunteer to look into it.  Odds are other
folks are having the same problems and that's bad for us.

If you're a Rails developer that could help with this please let me
know.  If I understood Peat on this, its not a question of the JanRain
libs but the actual Rails wrapper to that library.

> With respect to whether it's appropriate to be using RPX on the OIDF website
> or not,  it appears that there has been a diversity of opinion.  Some of the
> membership has applauded the improvements in ease of use and reliability,
> some have concerns about using any vendor products on the official OIDF
> site.    I will point out that there is no mention of JanRain nor RPX on the
> implementation on the OIDF login implementation.  If, after having now fixed
> the trust root problem, there is still a desire to remove RPX we can
> certainly do that but Refresh Media will still have to fix the initial
> problems that it was addressing.

I think the "diversity of opinion" has changed over the past day or so
now that people have all of the information.  I understand this was an
off-the-cuff engineering decision but the optics of it *look* odd.

Brian: I appreciate you doing your best to explain what happened here.
 In the future, providing full disclosure *ahead* of deployment would
be better as I'm sure you would agree.

To summarize the thoughts I've seen here it sounds like while people
are happy with the UX of the new solution, they are not interested in
seeing any one vendors' solution put in such a prominent place.  I
would advocate returning to the original solution and dedicating
resources to fixing the Rails plugin (even if that means paying
RefreshMedia to do that).

- Scott