openid

OpenID is an open decentralized identity framework where you can get your own identity and re-use it across the internet. The first application is single sign on which means you can login onto many websites and web applications and services (more being added daily! And all Bryght Basic sites can now support OpenId) using just one id (a URL) and one password rather than multiple passwords and multiple identities which is the case today.

To explain OpenID single sign on, we have two new screencasts for OpenID which has been included in Bryght Basic since July 31, 2007:

• Logging into a Drupal Site and Ma.gnolia using OpenID Screencast
• Associating an OpenID with your Drupal Account

I've been working on Drupal distributed search for a while now, releasing a beta of the OpenSearch Aggregator as well as a release of the OpenSearch feed module. The aggregator has a friendly UI for setting up any number of sources and the feed contains relevance information from the Drupal search system. Results are also cached on the aggregator for performance reasons.

More information about these modules can be found in my earlier blog posts about OpenSearch.

The ultimate goal however is to set up distributed search for a Bryght client between a network of secure Drupal sites. The searches for logged-in users should include content that is visible to them across all the different Drupal sites.

OpenID is the obvious choice as an identity mechanism for the users, but it does not immediately help us with the authentication. I've written a document after some research that details possible approaches and solutions. Because we're talking about frontier technology here, it seemed best to repost it publically to sollicit feedback from anyone interested. I could certainly use some extra opinions on this, as it is all very new to me.

As James, mentioned, he just finished one of the world's first implementations of OpenID 2 code (go James go!).

Here's an N93 video that I took of him presenting at last night's Open ID 2 Mashpit held at sxip:

Last night's OpenID Mashpit went well. Despite demoing some code still under very active development, and having our internet connection drop in the middle of it - it was nice to show off some of the stuff I've been working on lately in a crowd that "gets it". More interesting, however, was getting a chance to talk about and get some clarification on certain aspects. In particular, I feel like I have a much better idea of the vision behind Attribute Exchange and how it should ideally work. If nothing else, getting to just chat about "Identity 2.0" with Dick was a treat.

Other bits of interest: we stood up a work-in-progress OpenID Provider (OP) for Bryght at home.bryght.com (using all native drupal code). It's *very* much still a work in progress, but also one of the earliest OP's "in the wild" to support the 2.0 draft spec (or most of it anyway). Similarly, SXIP has a demo Relying Party (RP) that supports attribute exchange - that will come in handy for testing against.

Thanks again to the folks at SXIP for hosting a great event, and thanks to everyone who showed up!

Last night, a bunch of us Bryght guys attended the OpenID Mashpit hosted here in Vancouver by the folks at SXIP. It was a chance for a bunch of developer-types and interested techies to get together and dive into what, exactly, OpenID is and what this identity space is all about.

Dick Hardt started us off with an overview, so everyone was up to speed on the basic terminology and flow. The questions started coming pretty quickly and it turned into a very interactive session, proving that there is a lot of interest. We had a short break and then went into "lightning talks"....which ended up being more, longer interactive sessions.

I wanted to have an open session on "federation" – a word we never ended up defining. In short, in the network of networks world that is emerging, where any system/node can be both a consumer and provider of identity or attributes, how do pieces of the network easily share trust? The short answer is that trust is hard, but the OpenID 2 infrastructure likely gives us the extensible pieces we need (along with SAML payloads) to build such a system. We'll be focusing on making this work "out of the box" over the coming months. I had a great time during this session – I got up to the front and sort of set the stage, and then Dick Hardt joined me and we went back and forth, diving into the details of attribute exchange and how various parties in a system would grant or gain access to resources, attributes, etc. Thanks, Dick, let's take our show on the road!

When we moved into break out room, I went around the room and cornered people into installing plugins for different systems – we captured this on the wiki, and should be able to test logging into people's sites with our own OpenID URLs. For testing with OpenID 2 code, we found that SXIP has Email Verification and Attribute Exchange systems set up.

Oh yes, and as Steve Jobs likes to say....just one more thing: OpenID 2 code is now available for Drupal, with both consumer and server modules available. As far as we know, this is some of the first OpenID code out in the wild. James demo'd it last night, and Bryght has set up an identity provider at home.bryght.com. Feel free to use that as a home site, for testing or other purposes (the OSCMS Summit site has the compatible consumer module enabled). The code is not quite "finished" as James complains, but we wanted to get it out so that other people could start working on it with us and that we would be able to start testing. The big thing to note is that the OpenID 1.1 compatibility part isn't implemented yet, and large chunks of the attribute exchange aren't either.