Nat Sakimura has written a valuable post describing how to write an OpenID Connect server in three simple steps. It shows by example how simple it is for OAuth servers to add OpenID Connect functionality. This post is a companion to his previous post OpenID Connect in a Nutshell, which described how simple it is to build OpenID Connect clients. If you’re involved in OpenID Connect in any way, or are considering becoming involved, these posts are well worth reading.
As you may have seen, the results of the 2013 OpenID Board Election have been announced. Thanks to all of you who participated and thank you for entrusting me with a seat on the board for the next two years. My congratulations to my fellow board community members as well. I intend to make the most of this opportunity to continue making people’s online interactions more seamless, secure, and valuable.
The election for community (individual) OpenID board members is under way at https://openid.net/foundation/members/elections/14. I encourage all of you to vote now. (Don’t wait until the morning of Wednesday, February 6th!) If you’re not already an OpenID Foundation member, you can join for USD $25 at https://openid.net/foundation/members/registration and participate in the election.
I’m running for the board this time and would appreciate your vote. My candidate statement, which is also posted on the election site, follows.
OpenID has the potential to make people’s online interactions seamless, secure, and more valuable. I am already working to make that a reality.
First, a bit about my background with OpenID… I’ve been an active contributor to OpenID since early 2007, including both specification work and serving the foundation. My contributions to the specification work have included: an author and editor of the OpenID Provider Authentication Policy Extension (PAPE) specification, editor of the OAuth 2.0 bearer token specification (now RFC 6750), an author and editor of the JSON Web Token (JWT) specification and the JSON Object Signing and Encryption (JOSE) specifications, which are used by OpenID Connect, and an active member of the OpenID Connect working group.
I’ve also made substantial contributions to the foundation and its mission, including: In 2007 I worked with the community to create a legal framework for the OpenID Foundation enabling both individuals and corporations to be full participants in developing OpenID specifications and ensuring that the specifications may be freely used by all; this led to the patent non-assertion covenants that now protect implementers of OpenID specifications. I served on the board representing Microsoft in 2008 and 2009, during which time I was chosen by my fellow board members to serve as secretary; you’ve probably read some of the meeting minutes that I’ve written. I’ve served on the board as an individual since 2011. I have helped organize numerous OpenID summits and working group meetings. I chaired the election committee that developed the foundation’s election procedures and software, enabling you to vote with your OpenID. I co-chaired the local chapters committee that developed the policies governing the relationships between local OpenID chapters around the world and the OpenID Foundation. I also serve on the marketing committee and am a member of the Account Chooser working group.
I’d like to continue serving on the OpenID board, because while OpenID has had notable successes, its work is far from done. Taking it to the next level will involve both enhanced specifications and strategic initiatives by the foundation. Through OpenID Connect, we are in the process of evolving OpenID to make it much easier to use and deploy and to enable it to be used in more kinds of applications on more kinds of devices. The Account Chooser work is making it easier to use identities that you already have across sites. I’m also pleased that the Backplane Exchange work is happening in the foundation – clear evidence of the increasing value provided by the OpenID Foundation. Yet, as a foundation, we need to continue building a broader base of supporters and deployers of OpenID, especially internationally. We need to form closer working relationships with organizations and communities doing related work. And we need to continue safeguarding OpenID’s intellectual property and trademarks so they are freely available for all to use.
I have a demonstrated track record of serving OpenID and producing results. I want to continue being part of making open identity solutions even more successful and ubiquitous. That’s why I’m running for a community board seat in 2013.
The OpenID Foundation has announced the upcoming OpenID community board member election. Board members play an important role in safeguarding and advancing OpenID technologies and doing the work of the Foundation on a day-to-day basis. If you’re considering running, I’d be glad to discuss my experiences serving on the board with you.
Watch the OpenID blog and this space for updates on the election over the next few months.
(And yes, I plan to stand for re-election.)
My congratulations to Greg Keegstra and Axel Nennker for their election to the OpenID Board of Directors. Greg brings strong marketing chops and his can-do spirit to the board. Axel returns with his mix of deep technical expertise and common sense. I’m looking forward to serving with both of you!
Nat Sakimura has written a valuable post describing OpenID Connect in a nutshell. It shows by example how simple it is for relying parties to use basic OpenID Connect functionality. If you’re involved in OpenID Connect in any way, or are considering becoming involved, his post is well worth reading.
My thanks to those of you who voted in the OpenID Board Election. I’m pleased to report that John Bradley, Nat Sakimura, Kick Willemse, and I were elected as community board members for 2011 and 2012 and that Axel Nennker and Chris Messina were elected for 2011.
I’m really excited about the set of people you chose, both because of their passion for user-centric identity, and because of the diverse communities that they represent. Out of the six of us, there are representatives from Chile, Germany, Japan, Netherlands, and two token Americans. :-) You can read more about the 2011 board at the OIDF blog post announcing the election results.
The election for community (individual) OpenID board members is under way at https://openid.net/foundation/members/elections/7. I encourage all of you to vote now. (Don’t wait until the morning of Wednesday, December 15th!) If you’re not already an OIDF member, you can join for USD $25 at https://openid.net/foundation/members/registration and participate in the election.
I’m running for the board this time, and would appreciate your vote. My candidate statement, which is also posted on the election site, follows.
OpenID has the potential to make people’s online interactions seamless, secure, and more valuable. I am already working to make that a reality.
First, a bit about my background with OpenID… I’ve been an active contributor to OpenID since early 2007, including both specification work and serving the foundation. My contributions to the specification work have included: an author and editor of the OpenID Provider Authentication Policy Extension (PAPE) specification, editor of the OAuth 2.0 bearer token specification, co-author of the emerging JSON Web Token (JWT) specification, which will be used by the OpenID Artifact Binding, and an active member of the Artifact Binding working group.
I’ve also made substantial contributions to the foundation and its mission, including: In 2007 I worked with the community to create a legal framework for the OpenID Foundation enabling both individuals and corporations to be full participants in developing OpenID specifications and ensuring that the specifications may be freely used by all; this led to the patent non-assertion covenants that now protect implementers of OpenID specifications. I served on the board representing Microsoft in 2008 and 2009, during which time I was chosen by my fellow board members to serve as secretary; you’ve probably read some of the meeting minutes that I’ve written. I helped organize the OpenID summits hosted by Microsoft in 2010: April in Mountain View and June in London. I chaired the election committee that developed the foundation’s election procedures and software, enabling you to vote with your OpenID. And I co-chaired the local chapters committee that developed the policies governing the relationships between local OpenID chapters around the world and the OpenID Foundation.
I’d like to serve OpenID on the board again in 2011, this time as an individual, because while OpenID has had notable successes, its work is far from done. Taking it to the next level will involve both enhanced specifications and strategic initiatives by the foundation. As a community, we need to evolve OpenID to make it much easier to use and to enable it to be used in more kinds of applications on more kinds of devices. As a foundation, we need to build a broader base of supporters and deployers of OpenID, especially internationally. We need to form closer working relationships with organizations and communities doing related work. And we need to continue safeguarding OpenID’s intellectual property and trademarks so they are freely available for all to use.
I have a demonstrated track record of serving OpenID and producing results. I want to be part of making OpenID even more successful and ubiquitous. That’s why I’m running for a community board seat for 2011.
I’m writing to let you know that I’ve joined the recently formed Identity Standards and Policy team at Microsoft. For those of you outside the company, this mostly just means that you’ll see more of me in the roles you’re used to seeing me in – building industry consensus around identity solutions for the Internet and the enterprise, and taking them from ideas to actual deployments.
I’m joining a great team, who many of you already know: Mary Rundle, our team’s policy and legal expert, who brings an informed and sensitive international perspective to our work, David Turner, an experienced and thoughtful international standards expert, who also throws a great participatory neighborhood music party every year, and Tony Nadalin (a.k.a. Dr. Secure), who leads the team and brings his unique seasoned perspectives, insights, and wry humor to all our work together.
I’m honored by Microsoft’s and Tony’s trust in me to bring me onto the team. I look forward to solving identity problems that matter with many of you in the coming months and years because of it.
I’m working directly with developers on a prototype project at the moment. I’ve tried to keep the lessons from this great post by Paul Graham about how programmers work most efficiently in mind when interacting with them. Here’s a teaser excerpt to get you to read the rest of it:
When you’re operating on the maker’s schedule, meetings are a disaster. A single meeting can blow a whole afternoon, by breaking it into two pieces each too small to do anything hard in. Plus you have to remember to go to the meeting.
(Come to IIW if you want to see what we’ve been working on and talk with the developers yourself. :-) )
On the Kona coast of Hawaii, there’s a tradition of writing messages on the black lava flows using the white coral that washes up on the beaches. On a whim, we added a message of our own. You’ll find it about 12 miles north of the Kona Airport on the west side of the Queen Kaahumanu highway at 19°53.6759′N × 155°53.6407′W.
My co-conspirators with their artwork
The OpenID Foundation just completed its first election for community board seats. 17 candidates ran for 7 seats and 175 out of 217 eligible members voted in the election. My congratulations to Snorri Giorgetti, Nat Sakimura, Chris Messina, David Recordon, Eric Sachs, Scott Kveton, and Brian Kissel for their election as community board members. I look forward to serving on the board with them in January, along with my fellow corporate board members DeWitt Clinton, Tony Nadalin, Gary Krall, and Raj Mata. It looks like a great board!
Dick Hardt, independent thinker, entrepreneur, Identity 2.0 leader, fellow OpenID board member, and friend, is Coming to America and joining Microsoft. Dick, I’m looking forward to working with you as a colleague and expect your perspectives to change what we do and make us better for it.
P.S. Lest any of you think I’m being rude, the title of this post is a tribute to Dick’s famous (infamous?) talk title “Who is the Dick on your site?”. :-)
In May 2005, when I wrote the whitepaper “Microsoft’s Vision for an Identity Metasystem”, these sentences were aspirational:
Microsoft’s implementation will be fully interoperable via WS-* protocols with other identity selector implementations, with other relying party implementations, and with other identity provider implementations.
Non-Microsoft applications will have the same ability to use "InfoCard" to manage their identities as Microsoft applications will. Non-Windows operating systems will be able to be full participants of the identity metasystem we are building in cooperation with the industry. Others can build an entire end-to-end implementation of the metasystem without any Microsoft software, payments to Microsoft, or usage of any Microsoft online identity service.
Now they are present-day reality.
This didn’t happen overnight and it wasn’t easy. Indeed, despite it being hard, the identity industry saw it as vitally important, and made it happen through concerted, cooperative effort. Key steps along the way included the Laws of Identity, the Berkman Center Identity Workshops in 2005 and 2006, the Internet Identity Workshops, the establishment of OSIS, the formation of the Higgins, Bandit, OpenSSO, xmldap, and Pamela projects, publication of the Identity Selector Interoperability Profile, the Open Specification Promise, the OSIS user-centric identity interops (I1 rehearsal, I1, I2, I3, and the current I4), the OpenID anti-phishing collaboration, the Information Card icon, and of course numerous software releases by individuals and companies for all major development platforms, including releases by Sun, CA, and IBM.
Of course, despite all the groundwork that’s been laid and the cooperation that’s been established, the fun is really just beginning. What most excites me about the group of companies that have come together around Information Cards is that many of them are potential deployers of Information Cards, rather than just being producers of the underlying software.
The Internet is still missing a much-needed ubiquitous identity layer. The good news is that the broad industry collaboration that has emerged around Information Cards and the visual Information Card metaphor is a key enabler for building it, together in partnership with other key technologies and organizations.
The members of the Information Card Foundation (and many others also working with us) share this vision from the conclusion of the whitepaper:
We believe that many of the dangers, complications, annoyances, and uncertainties of today’s online experiences can be a thing of the past. Widespread deployment of the identity metasystem has the potential to solve many of these problems, benefiting everyone and accelerating the long-term growth of connectivity by making the online world safer, more trustworthy, and easier to use.
In that spirit, please join me in welcoming all of these companies and individuals to the Information Card Foundation: founding corporate board members Equifax, Google, Microsoft, Novell, Oracle, and PayPal; founding individual board members Kim Cameron, Pamela Dingle, Patrick Harding, Andrew Hodgkinson, Ben Laurie, Axel Nennker, Drummond Reed, Mary Ruddy, and Paul Trevithick; launch members Arcot Systems, Aristotle, A.T.E. Software, BackgroundChecks.com, CORISECIO, FuGen Solutions, Fun Communications, Gemalto, IDology, IPcommerce, ooTao, Parity Communications, Ping Identity, Privo, Wave Systems, and WSO2; associate members Fraunhofer Institute and Liberty Alliance; individual members Daniel Bartholomew and Sid Sidner.
I recently encountered Ryan Janssen’s insightful series entitled “The History of Tomorrow’s Internet” and immediately read the whole thing in one sitting. Among other gems, I found in it the clearest explanation of the value and promise of XRI/XDI that I’ve ever read. Great stuff!
The most recent installment detailed his experiences of “how it feels for a regular person to use Cardspace”. In particular, he documented his experience of using CardSpace for the first time to leave a comment on this blog. He introduced his narrative with:
… as someone whose business it is to build great software, I KNOW how hard good UI is. Believe me, I work with a GREAT product team and we try REALLY hard to make intuitive software and we fail EVERY day. Having said that, this post isn’t going to paint a real pretty picture.
I’ll let each of you read his blow-by-blow narrative yourself. He closes with:
So what’s the final analysis? Well, as I stated in the beginning, the purpose of this post isn’t to bash Microsoft or Cardspace. Like I said, I build software and when I actually see a normal person use it for the first time, I’m inevitably embarrassed at how difficult it is. Software is hard and Cardspace is brand new. Nonetheless, this does show how far the technology has to go before Mom and Dad are going to be using it. Usernames and Passwords are UBIQUITOUS. We’ve been trained on the visual metaphors for at least a decade. Replacing that with ANY other paradigm is going to be rough. To have any chance of success, the Cardspace workflow will need to be much improved.
Because I’m a member of the CardSpace team, I can say that as much as the team is understandably proud of what they accomplished in V1, they’re also pragmatic realists who are fully aware of the issues that Ryan documents so well and the vital importance of addressing them in our future releases. It’s exciting participating in that very process on the fifth floor of Microsoft building 40, day in, day out, as the team defines and refines what the next release will contain. Greatly improved usability is certainly one of our highest-priority goals.
I know that Ryan has also motivated Pamela and me to take a look at how the flow on the blog can be improved. PamelaWare for WordPress isn’t even yet a V1 release (it’s at v0.9 currently) and I know Pamela has lots of ideas on how to improve it. Ryan’s experiences will certainly help inform the next release.
Also, I’ll remark on these excellent observations:
Ready to post? Not yet. Since my iCard is self-issued, Mike’s site (yes, the site is called self-issued.info ironically enough) doesn’t trust me and has now decided that I need to verify my email address. This is obviously a little annoying, but it brings up a good use-case for the first Claim Provider–one that has verified my email address, home address, and phone numbers, so I NEVER have to respond to an email or text message like this again.
Asking the user to verify his or her e-mail address is a way of obtaining a backup means of authentication that can be used in the case where the user has lost his Information Card. Just like many accounts backed by passwords use e-mail in the “lost password” flow, PamelaWare uses e-mail to the user in the “lost card” flow and verifies ownership of the e-mail address at account creation time. Ryan correctly points out that if I had received a verified e-mail address as a claim there are several steps we could have skipped. Making this scenario a reality is one of my personal goals for the Identity Layer we’re all building together.
There’s nothing like real user data to inform what needs to happen next. Thanks, Ryan, for taking the time to provide it to all of us. I look forward to reading the next installment of the series!
I’m writing today to publicly welcome Stefan Brands, Christian Paquin, and Greg Thompson, of Credentica to Microsoft’s Identity and Access Group. I’m looking forward to working with them and to us adding their fantastic minimal disclosure technology to our identity products. Like Kim, I’m excited!
I urge people to check out Stefan’s announcement, Kim’s detailed write-up about the significance of this technology (I love the phrase “Need-to-Know Internet”), and Brendon Lynch’s post on Microsoft’s Data Privacy blog.
Welcome to Microsoft!
Second, on the blog they’ve started a series of posts about new features to come in the .Net Framework 3.5, which will ship with Windows Vista Service Pack 1 and be available as a free download for Windows XP and Windows Server 2003. The first post in the series describes the ability to use Information Cards at relying parties over http connections, without requiring an SSL certificate. This was a feature a number of you had asked for and the team responded.