OSIS I3 Interop: a Retrospective

With much fanfare, I’d like to announce the availability of my analysis of the last OSIS Interop.  Hosted on the Nulli Secundus website, the paper is possible due to sponsorship contract from Microsoft that allowed me to also create a lot of the infrastructure supporting the I3 Interop.  With luck, that infrastructure will serve as the basis for many more Interops to come!

This paper is not about who “won” the Interop;  in fact, no solutions or participants are explicitly named at all.  Instead, the focus was on participation, cumulative results analysis per solution role, achievements as a community, and next steps.

I believe that the I3 Interop has set us up to build a very robust, very comprehensive common feature landscape for Information Cards. The I3 Interop was not nearly as impactful for OpenID, however due to the incredible efforts of John Bradley, I believe that I4 will see some very interesting developments and participation on the OpenID side of the house.

I continue to be in awe of the dedication and spirit of collaboration that our community has demonstrated over the last two years.  It is clear that everyone is interested in getting it right, first and foremost; enough for Interop testers to enter more than 1200 separate test results into our wiki over a five-month period.

You’ll have to read the report to learn what else went on :-)   If you were a participant in the Interop and you have additional wisdom to offer or you completely disagree with my interpretation, I am very open to putting out a revised version of this document incorporating additional perspectives!

Big thanks to Dale, Axel, and Mike for adding their thoughts, and MASSIVE MONUMENTAL thanks to Trish Jones (who goes by Patricia L. Jones professionally), who went far far above and beyond the call of duty to act as editor through revision after revision.  I used to think I had a fairly good grasp of the English language;  I now know that I have a long way to go to attain technical writing zen.  Without Trish, you would be reading a very different paper.

Well?  What’re you hanging around here for?  Go read the paper!!!

Can you Feel the RSA Buzz?

Everyone is feverishly preparing for the RSA Conference next week. We not only have OSIS Interop activities going on digitally, but RSA has donated us a room for Tuesday and Wednesday (April 8 & 9 2008) – the plan is to have working sessions for participants able to be physically present between 11am and 4pm both days, and then to party it up — showing off all of our products during 4-6pm both days. You are welcome to stop by and chat any time, but you’re going to have the best experience during the open houses, since that is the time when all of the Participants will be around and set up to show you their stuff.

If you are interested in meeting a bunch of the movers & shakers in user-centric identity, you should come and visit us — Both OpenID and Information Card providers are participating, and many of the participants have solutions that knit the two technologies together.

From a Pamela Project perspective, I’ve just updated PamelaWare for Joomla to work on Joomla 1.5 — it is not nearly enough for distribution yet (lots of things still to update), but it is good enough to kick the tires. I’d pretty well given up on Joomla v1.0 after they completely rewrote the password storage mechanism during a point release (surprise!). We were already hacking core Joomla files anyway in that version – it just wasn’t pretty. Joomla 1.5, on the other hand, is definitely pretty.

The test site is here: http://pamelaproject.com/jostest15 — check it out! Joomla 1.5 supports OpenID out of the box btw, so my test instance can be used to check out that functionality too! From a test perspective, I’ve added an unregister function, so you can try a card, and then remove your entry either to try again, or just to keep your data from being stored.

Pain Points & Interop

As part of the next OSIS Interop, participants are contributing pain points that stand in the way of easy interoperation of user-centric components.

My personal list involves the pieces that I have found to stand in the way, when writing code for the Pamela Project. For those of you who are interested, the discussion is still going on, you could probably sneak in a few extra suggestions if you were do it soon. I would suggest subscribing to both the OSIS general mailing list and the new Google Group dedicated to this particular Interop (the new list is currently empty, but I don’t expect it to remain that way for long).

List items have so far ranged from usability issues to protocol underspecification, to debates over whether certain aspects of a component can be implemented securely. There are OpenID suggestions from at least two different participants, which is great! I think the final list is going to be an important body of work, and I personally would like to see that body of work turned into the beginnings of a set of recommended practices that new component writers can refer to as they work to become interoperable.

Stay tuned for more…


On monday, OSIS members agreed to put on another Interop — this time in Europe.

This will again be a joint effort between the Burton Group and OSIS, with final results demonstrated at the Catalyst Europe conference in Barcelona Italy Spain (blonde moment) sometime during October 22-25 2007.

Participation is OPEN – if you have a component and you want to interoperate, join us. We are still hammering out the scenarios, so if you join now, you can influence what we test, if there are areas of interoperation that are critical to your project or group.

Discussion around this event is currently taking place on the osis-general mailing list — join the list and announce yourself if you are interested in participating or finding out more, or drop me a note if you want more information.

There are all sorts of new groups out there, and I can’t wait to see their code. We accomplished a lot last time, and we’re ready to do the same again!