OpenID is an open decentralized identity framework where you can get your own identity and re-use it across the internet. The first application is single sign on which means you can login onto many websites and web applications and services (more being added daily! And all Bryght Basic sites can now support OpenId) using just one id (a URL) and one password rather than multiple passwords and multiple identities which is the case today.

To explain OpenID single sign on, we have two new screencasts for OpenID which has been included in Bryght Basic since July 31, 2007:

• Logging into a Drupal Site and Ma.gnolia using OpenID Screencast
• Associating an OpenID with your Drupal Account

As James, mentioned, he just finished one of the world's first implementations of OpenID 2 code (go James go!).

Here's an N93 video that I took of him presenting at last night's Open ID 2 Mashpit held at sxip:

Last night, a bunch of us Bryght guys attended the OpenID Mashpit hosted here in Vancouver by the folks at SXIP. It was a chance for a bunch of developer-types and interested techies to get together and dive into what, exactly, OpenID is and what this identity space is all about.

Dick Hardt started us off with an overview, so everyone was up to speed on the basic terminology and flow. The questions started coming pretty quickly and it turned into a very interactive session, proving that there is a lot of interest. We had a short break and then went into "lightning talks"....which ended up being more, longer interactive sessions.

I wanted to have an open session on "federation" – a word we never ended up defining. In short, in the network of networks world that is emerging, where any system/node can be both a consumer and provider of identity or attributes, how do pieces of the network easily share trust? The short answer is that trust is hard, but the OpenID 2 infrastructure likely gives us the extensible pieces we need (along with SAML payloads) to build such a system. We'll be focusing on making this work "out of the box" over the coming months. I had a great time during this session – I got up to the front and sort of set the stage, and then Dick Hardt joined me and we went back and forth, diving into the details of attribute exchange and how various parties in a system would grant or gain access to resources, attributes, etc. Thanks, Dick, let's take our show on the road!

When we moved into break out room, I went around the room and cornered people into installing plugins for different systems – we captured this on the wiki, and should be able to test logging into people's sites with our own OpenID URLs. For testing with OpenID 2 code, we found that SXIP has Email Verification and Attribute Exchange systems set up.

Oh yes, and as Steve Jobs likes to say....just one more thing: OpenID 2 code is now available for Drupal, with both consumer and server modules available. As far as we know, this is some of the first OpenID code out in the wild. James demo'd it last night, and Bryght has set up an identity provider at home.bryght.com. Feel free to use that as a home site, for testing or other purposes (the OSCMS Summit site has the compatible consumer module enabled). The code is not quite "finished" as James complains, but we wanted to get it out so that other people could start working on it with us and that we would be able to start testing. The big thing to note is that the OpenID 1.1 compatibility part isn't implemented yet, and large chunks of the attribute exchange aren't either.

Bryght started with a simple idea: what if we could take a powerful, complex framework like Drupal and make it available to everyone... with or without technical expertise. This was closely related to our belief that eventually static HTML pages on the Internet will be replaced by dynamic pages. Dynamic pages means web applications.

We've seen a lot of this occur over the past several years. When we started, Drupal was making the transition from Drupal 4.4 to 4.5. Multisite was just a glimmer in people's eyes, and the concept of install profiles was nowhere to be seen. Bryght worked on Drupal core to include multisite capability out of the box: all of a sudden, it was a bug if a module didn't support operating in a multisite environment.

Drupal-as-framework was in a much different state back then. Developers constantly hit cases where the core code didn't have enough "hooks and interfaces" to cleanly override everything. We ended up building a series of tools and daemons around Drupal in order to enable mass hosting. This tool is called HostMaster, and is Bryght's answer to mass hosting Drupal. It's built around Python and PostgreSQL, and has had the concept of "install profiles" for about 2 years. We originally had dreams of perhaps licensing or otherwise making money directly off this code. But in reality, this concept is foreign to our open source beliefs: the bits don't matter. Eventually, we put HostMaster under the GPL and made it available at https://svn.bryght.com/hostmaster (yes, you still need to request an account).

Scott Kveton announced the OpenID Code Bounty at OSCON today:

Integrate OpenID into your open source project and we’ll give $5,000 to your project.

We’ve seen OpenID really start to gain some momentum over the past couple of months and this Bounty program is really the exclamation point on that. There is a great list of sponsors for the program that includes people, organizations and businesses focused on building a simple, light-weight and decentralized user-centric identity platform around OpenID. Working with all of these people over the last couple of weeks has proven to me that convergence is really happening around OpenID.

I wasn't really a fan of the "original" OpenID spec. That is, it worked great, but only solved single sign-on. Then the Simple Registration Protocol, or SRP, got kludged in. This supports only 9 -- and exactly 9 -- attributes, and is not extensible. So, colour me firmly in the SXIP camp at this point.

Now, SXIP is helping to fund the OpenID bounties, and OpenID is further evolving. There is a 5th draft of OpenID 2.0, which still has profile information as separate, and Scott Kveton was earlier talking about OpenID v3 and convergence.