SAML

Steven Wittens, 2007-02-07

Authenticated Distributed Search (OpenSearch, OpenID)

Blog
created on Wed, 2007-02-07 00:39

I've been working on Drupal distributed search for a while now, releasing a beta of the OpenSearch Aggregator as well as a release of the OpenSearch feed module. The aggregator has a friendly UI for setting up any number of sources and the feed contains relevance information from the Drupal search system. Results are also cached on the aggregator for performance reasons.

More information about these modules can be found in my earlier blog posts about OpenSearch.

The ultimate goal, however, is to set up distributed search for a Bryght client between a network of secure Drupal sites. The searches for logged-in users should include content that is visible to them across all the different Drupal sites.

OpenID is the obvious choice as an identity mechanism for the users, but it does not immediately help us with the authentication. I've written a document after some research that details possible approaches and solutions. Because we're talking about frontier technology here, it seemed best to repost it publicly to solicit feedback from anyone interested. I could certainly use some extra opinions on this, as it is all very new to me.

Roland Tanglao, 2007-01-19

[VIDEO] Walkah demos world's first OpenID 2 code

Blog
created on Fri, 2007-01-19 08:08

As James mentioned, he just finished one of the world's first implementations of OpenID 2 code (go James go!).

Here's an N93 video that I took of him presenting at last night's Open ID 2 Mashpit held at sxip:

Boris Mann, 2007-01-18

OpenID Mashpit Vancouver, OpenID 2 code available for Drupal

Blog
created on Thu, 2007-01-18 14:01

Last night, a bunch of us Bryght guys attended the OpenID Mashpit hosted here in Vancouver by the folks at SXIP. It was a chance for a bunch of developer-types and interested techies to get together and dive into what, exactly, OpenID is and what this identity space is all about.

Dick Hardt started us off with an overview, so everyone was up to speed on the basic terminology and flow. The questions started coming pretty quickly and it turned into a very interactive session, proving that there is a lot of interest. We had a short break and then went into "lightning talks"....which ended up being more, longer interactive sessions.

I wanted to have an open session on "federation" – a word we never ended up defining. In short, in the network of networks world that is emerging, where any system/node can be both a consumer and provider of identity or attributes, how do pieces of the network easily share trust? The short answer is that trust is hard, but the OpenID 2 infrastructure likely gives us the extensible pieces we need (along with SAML payloads) to build such a system. We'll be focusing on making this work "out of the box" over the coming months. I had a great time during this session – I got up to the front and sort of set the stage, and then Dick Hardt joined me and we went back and forth, diving into the details of attribute exchange and how various parties in a system would grant or gain access to resources, attributes, etc. Thanks, Dick, let's take our show on the road!

When we moved into the breakout room, I went around the room and cornered people into installing plugins for different systems – we captured this on the wiki, and should be able to test logging into people's sites with our own OpenID URLs. For testing with OpenID 2 code, we found that SXIP has Email Verification and Attribute Exchange systems set up.

Oh yes, and as Steve Jobs likes to say....just one more thing: OpenID 2 code is now available for Drupal, with both consumer and server modules available. As far as we know, this is some of the first OpenID code out in the wild. James demo'd it last night, and Bryght has set up an identity provider at home.bryght.com. Feel free to use that as a home site, for testing or other purposes (the OSCMS Summit site has the compatible consumer module enabled). The code is not quite "finished" as James complains, but we wanted to get it out so that other people could start working on it with us and that we would be able to start testing. The big thing to note is that the OpenID 1.1 compatibility part isn't implemented yet, and large chunks of the attribute exchange aren't either.
