Blogging RollerDave Johnson on open web technologies, social software and software developmenthttps://rollerweblogger.org/roller/feed/entries/atom2026-05-18T08:23:39+00:00Apache Rollerhttps://rollerweblogger.org/roller/entry/oauth_and_openid_take2OAuth and OpenID: take2Dave Johnson2010-05-18T13:48:47+00:002010-07-10T17:06:27+00:00<p>Lot's of activity in the <a href="http://openid.net/">OpenID</a> and <a href="http://oauth.net/">OAuth</a> space recently. Both OAuth and OpenID have suffered from bad user experience, bad developer experience and low adoption. Now they're in the process of re-invention and folks from both Google and Facebook are involved. Here's my reading list so far on the topic:</p>
<ul>
<li style="padding-bottom:5px;"><em>IETF OAuth working group</em> - <a href="http://tools.ietf.org/html/draft-ietf-oauth-v2-05">The OAuth 2.0 Protocol - draft-ietf-oauth-v2-05</a> is the latest draft of OAuth 2.0, published about two weeks ago.</li>
<li><em>Eran Hammer-Lahav</em> - <a href="http://hueniverse.com/2010/05/introducing-oauth-2-0/">Introducing OAuth 2.0</a> is an excellent overview of what's different and new about OAuth 2.0, listing the six new flows that are supported including a username/password flow.</li>
<li><em>David Recordon (Facebook)</em> - <a href="http://openidconnect.com/">OpenID Connect: A strawman...</a> is a proposal for "OpenID Connect" a standard way to do what Facebook Connect and Google Friend Connect today, allow users to login sites with either their Facebook, Google or other identity provider credentials. </li>
<li><em>Chris Messina (Google)</em> - <a href="http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/">Combining OpenID and OAuth with OpenID Connect</a> covers the thinking behind OpenID Connect and the expansion of the "OpenID brand."</li>
<li><em>Michael Calore (WebMonkey)</em> - <a href="http://www.webmonkey.com/2010/05/new-openid-connect-proposal-could-solve-many-of-the-social-webs-woes/">New ‘OpenID Connect’ Proposal Could Solve Many of the Social Web’s Woes</a> covers motivations behind OpenID Connect, problems with OAuth and OpenID.</li>
<li><em>Joseph Holsten</em> - <a href="http://blog.josephholsten.com/2010/05/your-new-new-web-identity">Your New New Web Identity</a> another nice overview of the new OpenID and OAuth ideas, pushes back against dropping/reinventing of OpenID Attribute Exchange.</li>
<li><em>Tantek Celic</em> - <a href="http://tantek.com/2010/135/t2/openid-connect-complex-vocab-renaming-ignores-html-fails-user">I'm calling bullshit on #OpenID Connect. Still too complex, ...</a> is about one run-on tweet's worth of contructive criticism</li>
</ul>
https://rollerweblogger.org/roller/entry/latest_links55Latest links - Nov. 11, 2009Dave Johnson2009-11-11T22:52:00+00:002009-11-12T06:53:16+00:00<ul>
<li><a href="http://blogs.sun.com/webmink/entry/mine_all_mine_theirs_too">Mine, all mine (& theirs too) [on Simon Phipps, SunMink]</a><br>"Sun has created a licensing option for every employee that simply shares ownership of everything that's posted equally between Sun and the blogger"</li>
<li><a href="http://socialmediagovernance.com/policies.php">82 Social Media Policies</a><br> from the book Social Media Governance by Chris Boudreaux</li>
<li><a href="http://www.readwriteweb.com/archives/openid_going_mainstream_us_gov_announces_pilot_pro.php">OpenID Pilot Program to be Announced by US Government</a><br> Participating companies include Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems</li>
<li><a href="http://www.readwriteweb.com/archives/facebook_eats_away_at_email_usage_on_todays_web.php">Facebook eats away at Email usage</a><br>One of the motivations behind Google Wave?</li>
<li><a href="http://cubiclemuses.com/cm/articles/2009/08/09/waves-web-of-protocols/">Cubicle Muses - Wave's Web of Protocols</a><br> Nice illustration of Wave protocols by J Aaron Farr</li>
<li><a href="http://erenkrantz.com/CREST/">A new architectural style called CREST</a><br> Congrats to Justin Erenkrantz, PhD</li>
<li><a href="http://www.infoworld.com/d/developer-world/iphone-gets-net-app-development-194?source=rss_infoworld_news">iPhone gets .Net app development</a><br>not a .Net VM on iphone; it uses a cross-compiler</li>
<li><a href="http://jazz.net/blog/index.php/2009/09/11/oslc-and-rational-team-concert/">Jazz Community Site - Jazz Team Blog - OSLC and Rational Team Concert</a><br>"let's look at what we would leverage from OSLC-CM in RTC to implement a mobile web application which allows us to search for change requests."</li>
<li><a href="http://markmail.org/message/23drxd224pthxg4i">Jonathan Nolen: Shindig source repository visible in Fisheye</a><br> Nice way to view the Shindig SVN repo. Thanks to Atlassian</li>
</ul>https://rollerweblogger.org/roller/entry/openid_support_in_rollerOpenID support in RollerDave Johnson2008-09-03T07:46:50+00:002008-09-03T15:08:02+00:00<p>Thanks to one hard working student and the <a href="http://code.google.com/soc/2008/">Google Summer of Code</a>, we now have a patch for <a href="http://openid.net/">OpenID</a> support in Roller and its ready to commit to trunk. Here's a teaser screenshot:</p>
<img src="http://cwiki.apache.org/confluence/download/attachments/86221/login-hybrid.png"
title="OpenID login screen" />
<p>If you want to know more, the <a href="http://cwiki.apache.org/confluence/display/ROLLER/Proposal+OpenID+Support">proposal for OpenID support</a> is on our wiki and the patch is attached to <a href="https://issues.apache.org/roller/browse/ROL-1733">issue ROL-1733</a> in our bug tracking system.</p>https://rollerweblogger.org/roller/entry/openid_sun_comopenid.sun.comDave Johnson2007-05-07T15:05:57+00:002007-05-07T22:05:57+00:00<blockquote><a href="http://www.tbray.org/ongoing/When/200x/2007/05/07/OpenID-at-Sun">Tim Bray</a>: What’s more interesting is that we’re rolling out an OpenID provider at (last
time I looked) <code>openid.sun.com</code>,
but with a twist: You can’t get an OpenID there unless
you’re a Sun employee, and if someone offers an OpenID whose URI is there, and
it authenticates, you can be really sure that they’re a Sun employee.
It doesn’t tell you their name or address or anything else; that’s up to the
individual to provide (or not).
The authentication relies on our Access Manager product, and it’s pretty
strong; employees here have to use those crypto-magic SecureCard token
generators for serious authentication, passwords aren’t good enough. <br></blockquote>
Now, if only Roller and blogs.sun.com supported OpenID we'd reallly be cookin'<br>https://rollerweblogger.org/roller/entry/app_and_openid_at_javaoneAPP and OpenID at JavaOneDave Johnson2007-05-07T14:43:56+00:002007-05-07T21:43:53+00:00<blockquote><p><a href="http://blogs.sun.com/treydrake/entry/atom_app_openid_and_opends">Trey Drake</a>: How do you demo a directory server? Build cool apps around it. To that end, we've built an <a href="http://en.wikipedia.org/wiki/Atom_%28standard%29">Atom/APP</a>
server, a lightweight OpenID server, a blogging and "twitter" like app
- all powered by OpenDS. Drop by our booth (Glassfish alley at
CommunityONE and .org section of the pavilion during JavaONE). <a href="http://blogs.sun.com/ludo">Ludo</a> and I will introduce OpenDS and show off the demos in two talks; today at <a href="http://developers.sun.com/events/communityone/track2.jsp">CommunityONE</a> at 5PM and Wednesday at 1:30 in the CommunityCorner.</p></blockquote><p>Very cool. I'm not going to be the only one talking about Atom protocol at JavaOne. I'll have to stop by the CommunityCorner, that sounds too good to miss.</p>