IMHO, Single Signon is hugely important. It's also hugely boring. I've been trying off and on for some years now to try and get a development project off the ground in this area without success.

I've watched Passport rise and fall with no interop support. I've seen Liberty get hijacked by megacorps and generate a hugely complicated SOAP API with essentially no implementations. And the reference implementations are Java and ported dotnet only. SXIP looked promising but they seem unable to get any critical mass. And it's still tied to a single vendor who represents a choke point and is not big enough to force usage through. I keep thinking that one of these days Google will reprise Microsoft's MSN->Hotmail->Passport route to critical mass but I'm not holding my breath. Meanwhile at the low end Drupal's Distributed Auth is a toy approach[1] but is now as widely deployed as Drupal. And Identity Commons might work but like SXIP it's linked to a small but centralised choke point offering a for-pay service (i-Names). Now we have LID which finally looks like something I can get behind. But it's currently Perl only.

The vision I have is an API and set of libraries for use on the low end of blogs, Open CMS, BBS and such like. It would implement:-
1) Personal Identity Serving. From your choice of home site. This could be your blog, your website or your favourite (home) community site. This would provide an HTML About Me page as well as an XML (or XML-RDF) machine readable version.
2) Single signon. Go to a new site and say "Use my credentials from my home, here"
3) Instant account creation. Go to a new site and say "get my account profile details from my home, here."
4) Account Sync. For sites where you had used 2 or 3, automatic synchronization of the local account copy with that at your home.

What I'm looking for is a group of people prepared to hack code, implement in their favourite CMS or blog software and evangelise the above.

And I'd suggest that a useful starting point is to port LID to other languages (like PHP and Python) and then to implement it in test CMS systems. In the process we will learn huge amounts about where LID is wrong and can be improved.

At this point I'll declare an interest. I want Ecademy profiles and login to be the "Identity Home Site" for at least some Ecademy users. And I want to share that login across websites that are both tightly and loosely coupled with Ecademy. And I have a project in the short term that requires tight coupling.

Is anyone up for this?

[1] I don't want to be rude about Drupal. Distributed auth is out there and working. But using plain text passwords and passing the password around with the request for remote authentication is just not going to hack it in the wider world. And although it answers 2) it doesn't answer the other requirements.


[ 16-Feb-05 11:06am ]