Blogging Roller

OAuth and OpenID: take2

Dave Johnson — Tue, 18 May 2010 13:48:47 +0000

Lot's of activity in the OpenID and OAuth space recently. Both OAuth and OpenID have suffered from bad user experience, bad developer experience and low adoption. Now they're in the process of re-invention and folks from both Google and Facebook are involved. Here's my reading list so far on the topic:

IETF OAuth working group - The OAuth 2.0 Protocol - draft-ietf-oauth-v2-05 is the latest draft of OAuth 2.0, published about two weeks ago.
Eran Hammer-Lahav - Introducing OAuth 2.0 is an excellent overview of what's different and new about OAuth 2.0, listing the six new flows that are supported including a username/password flow.
David Recordon (Facebook) - OpenID Connect: A strawman... is a proposal for "OpenID Connect" a standard way to do what Facebook Connect and Google Friend Connect today, allow users to login sites with either their Facebook, Google or other identity provider credentials.
Chris Messina (Google) - Combining OpenID and OAuth with OpenID Connect covers the thinking behind OpenID Connect and the expansion of the "OpenID brand."
Michael Calore (WebMonkey) - New ‘OpenID Connect’ Proposal Could Solve Many of the Social Web’s Woes covers motivations behind OpenID Connect, problems with OAuth and OpenID.
Joseph Holsten - Your New New Web Identity another nice overview of the new OpenID and OAuth ideas, pushes back against dropping/reinventing of OpenID Attribute Exchange.
Tantek Celic - I'm calling bullshit on #OpenID Connect. Still too complex, ... is about one run-on tweet's worth of contructive criticism

Latest links - Nov. 11, 2009

Dave Johnson — Wed, 11 Nov 2009 22:52:00 +0000

Mine, all mine (& theirs too) [on Simon Phipps, SunMink]
"Sun has created a licensing option for every employee that simply shares ownership of everything that's posted equally between Sun and the blogger"
82 Social Media Policies
from the book Social Media Governance by Chris Boudreaux
OpenID Pilot Program to be Announced by US Government
Participating companies include Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems
Facebook eats away at Email usage
One of the motivations behind Google Wave?
Cubicle Muses - Wave's Web of Protocols
Nice illustration of Wave protocols by J Aaron Farr
A new architectural style called CREST
Congrats to Justin Erenkrantz, PhD
iPhone gets .Net app development
not a .Net VM on iphone; it uses a cross-compiler
Jazz Community Site - Jazz Team Blog - OSLC and Rational Team Concert
"let's look at what we would leverage from OSLC-CM in RTC to implement a mobile web application which allows us to search for change requests."
Jonathan Nolen: Shindig source repository visible in Fisheye
Nice way to view the Shindig SVN repo. Thanks to Atlassian

OpenID support in Roller

Dave Johnson — Wed, 3 Sep 2008 07:46:50 +0000

Thanks to one hard working student and the Google Summer of Code, we now have a patch for OpenID support in Roller and its ready to commit to trunk. Here's a teaser screenshot:

If you want to know more, the proposal for OpenID support is on our wiki and the patch is attached to issue ROL-1733 in our bug tracking system.

openid.sun.com

Dave Johnson — Mon, 7 May 2007 15:05:57 +0000

Tim Bray: Whatâ€™s more interesting is that weâ€™re rolling out an OpenID provider at (last time I looked) openid.sun.com, but with a twist: You canâ€™t get an OpenID there unless youâ€™re a Sun employee, and if someone offers an OpenID whose URI is there, and it authenticates, you can be really sure that theyâ€™re a Sun employee. It doesnâ€™t tell you their name or address or anything else; thatâ€™s up to the individual to provide (or not). The authentication relies on our Access Manager product, and itâ€™s pretty strong; employees here have to use those crypto-magic SecureCard token generators for serious authentication, passwords arenâ€™t good enough.

Now, if only Roller and blogs.sun.com supported OpenID we'd reallly be cookin'

APP and OpenID at JavaOne

Dave Johnson — Mon, 7 May 2007 14:43:56 +0000

Trey Drake: How do you demo a directory server? Build cool apps around it. To that end, we've built an Atom/APP server, a lightweight OpenID server, a blogging and "twitter" like app - all powered by OpenDS. Drop by our booth (Glassfish alley at CommunityONE and .org section of the pavilion during JavaONE). Ludo and I will introduce OpenDS and show off the demos in two talks; today at CommunityONE at 5PM and Wednesday at 1:30 in the CommunityCorner.

Very cool. I'm not going to be the only one talking about Atom protocol at JavaOne. I'll have to stop by the CommunityCorner, that sounds too good to miss.