[OpenID] java libraries

Peter Williams pwilliams at rapattoni.com
Tue Sep 23 17:14:06 UTC 2008 

Obviously, the project's own java libraries are not un-usable for wsfed/saml1/saml2 (and soon infocard). But, under the working hypothesis that the reference is to their own code, they are uniquely unusable for openid!?!

So, I have not recently inspected the java libraries, which are on the IDP side. The SP side (which was written in C++) was very well structured as generics, and thus could and did adapt to particular protocols, profiles and standards easily by subclassing. It was producing sp-initiated websso for SAML2 and ws-fed fine (via the ws-fed plugin.) when I investigated the source code in detail, a few months ago. Its hard to believe it would fundamentally struggle (via the plugin architecture used to adapt to ws-fed equivalent to openid) to now be unable to produce the openid messages - mostly key-value pairs - or maintain the unique session state of openid auth.

At the same time, openid discovery (with XRI) by SP is quite different to the SAML2 model. This may be where the team is struggling.

But, one must respect them too.. This guys are export coders and are mostly focused on architecture. They understand websso backwards (pun).

If openid2 cannot fit into the shib technical framework, that is actually worth a pre-doc research-grade paper reporting analytically why not! Reading that would more be far more useful than reading a report stating the results of what happaned in a small pilot (show how openid does not fit culturally into any shib-cultured organization, say.)
________________________________________
From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of Jack Cleaver [jack at jackpot.uk.net]
Sent: Tuesday, September 23, 2008 9:56 AM
To: OpenID General
Subject: Re: [OpenID] java libraries

Hans Granqvist wrote:
>> Some leading lights in the US academic community are essentially
>> claiming that certain Java OpenID2 libraries are essentially
>> unusable - to the point where they can only be entirely re-written.
>> Until they are rewritten (which will never happen), no Internet2
>> funds will be aimed at OpenID2.Its hard to know if the libraries
>> referred to are the XRI libraries or IDP or SP, or AX, or what?
>>
>
> I read it as the Shibboleth Java libraries are the ones that are
> unusable.

That's how I read it; but I suppose we're all guessing.

--
Jack.
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

More information about the general mailing list