Ted Leung on the air: Open Source, Java, Python, and ...
I spent yesterday at the first day of the Internet Open Space in Vancouver. Vancouver is just close enough to drive it -- three hours each way. I ended up staying in a cheap hotel on Wednesday night so that I would be good for something on Thursday. Once upon a time, I could drive five hours (almost) straight with no problem. Nowadays, I spend such a small amount of time in a car, which has led to a lack of driving endurance.
I've been following the identity space with varying degrees of closeness for a few years now. The open space was a good opportunity to get caught up on the state of the world. I was pretty interested in the Liberty Alliance when it was announced a few years ago. The ASF was listed as a participant, but for reasons which remain a mystery to me, nothing ever actually happened. In the meantime, there has been a small explosion of protocols to deal with single sign on for web applications. There appears to be some coalescing of that work around Yadis and OpenID. Other vendors like SXIP and Microsoft round out the space of identity protocols.
The first session that I went to covered efforts to produce open source implementations of the Liberty specs. Apparently these efforts are just getting underway -- ironic given where things could have been. Nonetheless, a good step. I was pleased to hear about the Lasso C library for Liberty -- this is important for scripting languages. Unfortunately, I'm less excited about the GPL license, which is going to make it hard to use in some of the settings that I am interested in.
David Recordon did an informative session on OpenID 2. OpenID is expanding its scope from authentication into other areas, most notably data transfer / profile exchange. I missed most of Drummond Reed's session on Yadis -- I just caught the end, which was mostly about XRI -- but there was enough discussed in David's session that I have a general feel for what is going on. I was also glad for the chance to meet David and Drummond (for the second time), since I'll be working with them on Heraldry. Meeting people at events like ApacheCon and PyCon has demonstrated that a little face to face contact can go a long way towards easing interactions via e-mail and other mediums.
During and after lunch, I attended a mega session. Dick Hardt's session on protocol convergence and Marc Canter's session on NoID4Me ended up merging. The theme of both sessions really focused on obstacles to adoption. Marc was pretty vocal about the needs that he has for PeopleAggregator, which drove a good portion of the discussion. There's general agreement about the need for convergence of protocols, but of course, each protocol team has a vested interest in their own, and feels that theirs is the protocol that should be converged to. Someone suggested that the various protocol developers take a month off from working on protocol stuff (a deployment sabbatical, Kaliya called it), and go help someone try to implement/deploy their protocol in a product setting. I think that this is a pretty good idea if people aren't doing things like this already. One other potentially positive development from this discussion was the start of a conversation on how to have SAML and OpenID work together. The likely areas seemed to be around authentication, and the use of parts of SAML for the profile exchange mechanism that's being considered for OpenID.
When I saw Kaliya Hamlin at Gnomedex, she told me about the Liberty People Service. This is the kind of thing that would be very useful to integrate into Chandler, so I made sure to attend Paul Madsen's session on the People Service. The session was dominated by technical content as people tried to understand how the service actually worked. Despite being unfamiliar with most of the Liberty specs, I found that I had no trouble following the discussion. I spent a year or so doing some consulting on the WS-* web services stack, and that experience made it possible to follow along. I had also read the People Service whitepaper, which probably also helped. I was disappointed to hear that there are no implementations (other than private prototypes) of the People Service that someone could get a hold of and play with. In this day and age, I expect a spec to be accompanied by a reference implementation or something. Maybe I've just been hanging out with the wrong people.
The last session that I went to was Mary Ruddy's session on Higgins, which is a "bus" which allows you to plug in identity protocols/stacks and provides an API for use by a diversity of clients: web browsers (via extensions), web services (via SOAP), and rich clients. There is a reference implementation that is written in Java, and seemed kind of oriented towards InfoCards. Mary said that someone was working on a C client, but she wasn't able to say much about that. I hope there will be news soon, since I am interested in either Python or Ruby implementations.
In the evening there was a nice dinner at a Chinese restaurant. I had to skip out just a bit early, since I was driving home. Good thing too. I ran into night time highway construction on I-5 that caused me to miss my intended ferry. On the whole though, a worthwhile experience. I've been interested in getting support for identity into Chandler when the moment was right. It's my personal belief that People are a key way of organizing and relating to information. When I worked at Taligent, I almost worked on the workspace team, which was the team working on CommonPoint's equivalent of the Finder. The user metaphor for the workspace was called "People, Places, and Things". I wasn't there for the design discussions, but I don't think the order of the words is an accident. Bryan Starbuck and the Windows Contacts team are thinking some of the same thoughts that I am - not completely the same, obviously, since they have different problems.
It was good to see what else was happening in the same space of things as Heraldry. I was struck by how different the culture is between Liberty and the "user-centric" (I finally understand where that label came from -- and it's not obvious -- another problem that needs to be fixed in order to help people figure out what is really going on here) camps. Because Liberty is a pay for membership organization, there was often that "Liberty member" only situation. The last time I dealt with this was when I was dealing with the W3C and JCP. I didn't like it then, and I don't like it now. The Liberty stuff is well engineered, and very enterprise oriented - the design dials were turned towards maximum security, a decision which I can understand and appreciate. As I listened throughout the day, it struck me that I was re-living the J2EE vs non-J2EE/Ruby on Rails conversation. J2EE is an enterprise strength stack and there are some organizations that really need all the features and specs that go with J2EE. I think that these are the same organizations that need (and helped start) Liberty.
Other observations: I picked up one or two practices from Kaliya's facilitation of the open space, and maybe we'll try them at the next Mind Camp. There were very few cameras around, which made me somewhat self conscious about taking a lot of photographs. But I did take some, and the set is up on Flickr, including shots of some of the flipcharts.
If you were interested in something that I didn't attend, notes from many of the sessions are up on the IOSVan wiki.
Posted by Ted Leung at Sun Jul 23 09:52:53 2006