Blogging Roller

Lot's of activity in the OpenID and OAuth space recently. Both OAuth and OpenID have suffered from bad user experience, bad developer experience and low adoption. Now they're in the process of re-invention and folks from both Google and Facebook are involved. Here's my reading list so far on the topic:

• IETF OAuth working group - The OAuth 2.0 Protocol - draft-ietf-oauth-v2-05 is the latest draft of OAuth 2.0, published about two weeks ago.
• Eran Hammer-Lahav - Introducing OAuth 2.0 is an excellent overview of what's different and new about OAuth 2.0, listing the six new flows that are supported including a username/password flow.
• David Recordon (Facebook) - OpenID Connect: A strawman... is a proposal for "OpenID Connect" a standard way to do what Facebook Connect and Google Friend Connect today, allow users to login sites with either their Facebook, Google or other identity provider credentials.
• Chris Messina (Google) - Combining OpenID and OAuth with OpenID Connect covers the thinking behind OpenID Connect and the expansion of the "OpenID brand."
• Michael Calore (WebMonkey) - New ‘OpenID Connect’ Proposal Could Solve Many of the Social Web’s Woes covers motivations behind OpenID Connect, problems with OAuth and OpenID.
• Joseph Holsten - Your New New Web Identity another nice overview of the new OpenID and OAuth ideas, pushes back against dropping/reinventing of OpenID Attribute Exchange.
• Tantek Celic - I'm calling bullshit on #OpenID Connect. Still too complex, ... is about one run-on tweet's worth of contructive criticism

• Mine, all mine (& theirs too) [on Simon Phipps, SunMink]
  "Sun has created a licensing option for every employee that simply shares ownership of everything that's posted equally between Sun and the blogger"
• 82 Social Media Policies
  from the book Social Media Governance by Chris Boudreaux
• OpenID Pilot Program to be Announced by US Government
  Participating companies include Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems
• Facebook eats away at Email usage
  One of the motivations behind Google Wave?
• Cubicle Muses - Wave's Web of Protocols
  Nice illustration of Wave protocols by J Aaron Farr
• A new architectural style called CREST
  Congrats to Justin Erenkrantz, PhD
• iPhone gets .Net app development
  not a .Net VM on iphone; it uses a cross-compiler
• Jazz Community Site - Jazz Team Blog - OSLC and Rational Team Concert
  "let's look at what we would leverage from OSLC-CM in RTC to implement a mobile web application which allows us to search for change requests."
• Jonathan Nolen: Shindig source repository visible in Fisheye
  Nice way to view the Shindig SVN repo. Thanks to Atlassian

Thanks to one hard working student and the Google Summer of Code, we now have a patch for OpenID support in Roller and its ready to commit to trunk. Here's a teaser screenshot:

If you want to know more, the proposal for OpenID support is on our wiki and the patch is attached to issue ROL-1733 in our bug tracking system.

Tim Bray: What’s more interesting is that we’re rolling out an OpenID provider at (last time I looked) openid.sun.com, but with a twist: You can’t get an OpenID there unless you’re a Sun employee, and if someone offers an OpenID whose URI is there, and it authenticates, you can be really sure that they’re a Sun employee. It doesn’t tell you their name or address or anything else; that’s up to the individual to provide (or not). The authentication relies on our Access Manager product, and it’s pretty strong; employees here have to use those crypto-magic SecureCard token generators for serious authentication, passwords aren’t good enough. 

Trey Drake: How do you demo a directory server? Build cool apps around it. To that end, we've built an Atom/APP server, a lightweight OpenID server, a blogging and "twitter" like app - all powered by OpenDS. Drop by our booth (Glassfish alley at CommunityONE and .org section of the pavilion during JavaONE). Ludo and I will introduce OpenDS and show off the demos in two talks; today at CommunityONE at 5PM and Wednesday at 1:30 in the CommunityCorner.

Very cool. I'm not going to be the only one talking about Atom protocol at JavaOne. I'll have to stop by the CommunityCorner, that sounds too good to miss.