Open Source Identity for the Web 2.0 Era
By superpat on Nov 21, 2006
Regular readers might recall I gave a presentation in Japan last month titled 'Open Source Identity for the Web 2.0 Era'. The Liberty Alliance folks liked it so much, they've asked me to repeat it as a webcast next Wednesday - 11/29/2006 - details here (if you're interested, better sign up fast, places are limited!).
The presentation focuses on OpenSSO and Project Lightbulb - the OpenSSO sub-project that implements a SAML 2.0 service provider in straight PHP - no custom extensions required. I'm planning to SAML 2.0-enable a simple PHP application, live on-the-air, no safety net.
Web 2.0 is a difficult term; it means something different to almost everyone you ask. Some focus on particular technologies - Ajax (just pasted that link in - do you realize that the essay that coined the term 'Ajax' is only 21 months old?) being the most common example. Others focus on particular companies - Flickr, YouTube, any number of social networking sites - or business models - for example, combining your users' individual efforts to create something bigger than the sum of their parts.
For me, 'Web 2.0' is simply a shorthand for 'the Web today is very different from the Web of 5 years ago'. It's a whole world of change wrapped into a somewhat glib phrase. The Tokyo Liberty Alliance Day took Web 2.0 as its theme - my angle on it with this presentation is that a large part of Web 2.0 is participation - notably open source and lightweight languages - look at any 'Web 2.0 company' and you'll find lots of LAMP. It's this aspect that I focus on in 'Open Source Identity for the Web 2.0 Era' - bridging the gap between the enterprise/telco/square world of SAML 2.0 and the bloggy/scripty/hip world of PHP.
Having said all that, Johannes is spot on that "putting control in the hands of the end user — the essence of Web 2.0 — is not typically compatible with the way SAML projects tend to end up". There is much work to do in figuring out how the core of SAML 2.0 can be leveraged in wider settings than the typical (but no less important for that) enterprise/telco use cases. We're seeing some great thinking in this area from the likes of Paul and Eve. I suspect that this will be a key topic of the upcoming Internet Identity Workshop 2006b.