IIW 2006b – Content

Here are the things that I want to remember about IIW 2006b in Mountain View CA – meeting all sorts of brilliant people, trying to make Kaliya’s massive unconference schedule stick to the wall so that the lines matched between sheets, ordering larb gai at dinner PET PET, strategizing over lattes, impromptu demos and work sessions, suggesting new voices for TomTom (ya hoser), and late night life philosophy trading… Yeah, we had fun.

And now for the geeky bits:

1) OSIS update: This was one of the first sessions of the day, and I found it fascinating. Session notes are here.

My takeaways (FWIW as an outside observer):

  • We won’t see any release of an Identity Selector by a vendor until certain things are ironed out on the IP front. Who knows how long that will take. What a bummer.
  • I find that there is a disconnect between how insiders see OSIS and how outsiders see OSIS, which seems to result in the need for constant expectation adjustment at these public meetings. The insiders grok all the history, how it evolved, how this group and that group blended & merged to form today’s OSIS working group, and what they hope to accomplish. Perfectly logical, but inwards facing. Outsiders don’t see that stuff. They see an entity that calls itself a system, and which seems to offer an opportunity to rationalize a whole bunch of separate efforts into a more easily understood whole — in other words, an outwards facing project. As far as I can tell, the current OSIS goals are primarily about making sure the vendors get it all ironed out between themselves. It is a critical function. At the same time, however, the rest of us are already clamoring to build on that foundation. The external rationalization needs to come, one way or another. Perhaps OSIS will start a second committee – after all, it is a logical place for this work to occur, and also, this is where all the thought leaders are. If not — well I guess we’ll have to wait and see who picks up that particular torch.

2) Lightbulb: Pat’s code is always fun to see in action, but what excited me was the integration he showed with the Sun Access Manager product. That opens up a whole raft of possibilities… Now that I’ve seen it, I might have to take a shot at OpenID-enabling our company mail server, just for fun :-D

3) Sxipper Demo: Sxip showed off their new service, which lives at sxipper.com. The goal is to simplify online interactions with both registration and login forms. It looked purty, definitely worth trying out.

4) Speed-Geeking: This was the highlight of the conference for me. I was able to get a quick glimpse of many different development efforts, a number of which I’m sure I would have missed had they been only in a full-time conference session. Since my primary focus is on the CardSpace stuff, I hadn’t been attending as many of the OpenID-facing sessions, but some of the OpenID demos really opened my eyes. I think the most fascinating demo was the one that was given by Avery Glasser – but I’ll save my thoughts on that topic for another entire entry :)

5) Kim’s Code: Kim showed off PHP code that utilized new XML security libraries that I can’t wait to get my grubby little paws on.

6) The Ruby on Rails guys: After Kim’s talk, 3 guys decided to take fate into their own hands and code an RP in Ruby on Rails. Justin, Trenton, and Devlin worked into the night figuring all of this out from scratch, and they made a significant dent in the code, too. It was really really fun to watch them work. I hope we get to see the fruits of these efforts at the next speed-geeking session!

7) OSIS in Action: It was great to see Dale Olds and Mary Ruddy demonstrate RP & IdP interactions using an open source stack. Talk about a wonderful milestone to hit – it was obvious that some serious love and care had gone into the making of this demo. During the session, there was an interesting discussion around ways in which an RP can deal with mid-session elevation of privileges that I think is just the tip of the iceberg, and which demonstrates the massive body of best practices that need to emerge surrounding information card based user interactions. The scenario at hand was as follows: a user needs one set of claims to have read access to the site, and should they wish to write to the site, they need a single extra claim. If the RP asks for the extra claim as an optional claim at initial login, they need to somehow communicate to the user (a) that the optional claim exists (since it isn’t particularly obvious in the CardSpace GUI), and (b) in what exact context the optional claim is meaningful. These are critical conversations to have, and I enjoyed taking part.

Ha, well there you go, more opinion than you ever wanted on IIW 2006b…