It seems like the discussion on Heraldry has died down, so I'd like
to call for a VOTE on accepting Heraldry into the incubator.
In keeping with Apache practice, I'd like to allow 72 hours or so for
the vote to close, so please vote by 11:59PST on Thursday July 13th.
The current proposal is here:
<http://wiki.apache.org/incubator/HeraldryIdentityProposal>, and I've
included the full text below.
My vote is +1
Ted
----------------------------------
= Proposal =
This is a proposal to create a project within the Apache Software
Foundation to develop technologies around the emerging user-centric
identity space. The project would utilize Yadis [1] for URL/XRI-based
service discovery and OpenID [2] for web based single-sign-on
and the basis of exchanging profile data. Yadis is currently being
standardized within OASIS as part of the XRI effort, within a TC
committed to creating royalty-free work, and OpenID has emerged as a
de-facto specification. The two initial components of the project,
downloadable perspective, would be an Identity Provider application
and libraries in various languages that implement Yadis and OpenID.
The initial goal would be to both provide an out-of-the-box
application as well as the required libraries for other developers to
integrate Yadis and OpenID into their existing applications.
To provide some background, the Higgins Project is being actively
developed within Eclipse and is a framework that will enable users
and enterprises to integrate identity, profile, and relationship
information across multiple systems. Using context providers,
existing and new systems such as directories, collaboration spaces,
and communications technologies (e.g. Microsoft/IBM WS-*, LDAP,
email, IM, etc.) can be plugged into the Higgins framework.
Applications written to the Higgins API can virtually integrate the
identity, profile, and relationship information across these
heterogeneous systems. They currently have integration with
Microsoft's CardSpace and we'll be working with them over the next
few months to add support for OpenID. It hasn't yet been determined,
nor does it need to be right now, if the code to tie OpenID into
Higgins will live within Apache or Eclipse.
= Rationale =
While identity systems such as X.509 have existed for many years, and
more recently SAML and the Liberty Alliance framework, only within
the past two years has there been a true emergence of user-centric
technologies. Pursuant to Kim Cameron's laws of identity,
technologies such as LID, Yadis, OpenID, and Sxip were defined to put
control of a person's digital identity back into their own hands.
Both Yadis and OpenID have reached a point where they have millions
of users and a strong community backing. On May 28th 2006, Brion
Vibber of WikiMedia announced in a Google Tech Talk that WikiPedia
would support both of them within the following month. This sort of
broad adoption and traction has not been seen with other technologies
of this kind in this space.
By bringing these technologies to one place, these communities will
have a place to fully converge and continue the development of
interoperable implementations. Additionally, by working with the
Higgins Project, ASF will be able to provide a foundation where a
person can use one or more digital identities consistently across
blogs, eCommerce sites, and portals as well as even high-risk
transactions via their desktop computer.
Currently Apache does not offer any project such as the one being
proposed. Integration with projects such as Lenya would definitely
be encouraged.
= Initial Goals =
* Expansion of Yadis and OpenID libraries into additional languages
beyond the existing Python, Ruby, Perl, and PHP libraries
* OpenID authentication specification revision to fix known
security considerations, investigate compatibility with the DIX IETF
proposal, describe Yadis integration, and allow either a URL or XRI
to be used as the End User's Identifier
* Continue the development of a data transfer protocol on top of
OpenID to allow the exchange of profile data as well as other secure
messages
* Investigate existing mechanisms for profile exchange, namely Sxip
2.0 and SAML, and investigate how they would be layered atop OpenID
* Integration of the OpenID Authentication protocol with the
Higgins framework to provide desktop integration
* Extension of OpenID to support non-browser based authentication
use cases, i.e. authentication to a Subversion server, creation of
mod_authnz_openid, using your OpenID Identity without modifying the
svn client-side tool
= Known Risks =
== Commercial Interest ==
* Many companies are currently working to build businesses
supported on top of these technologies. As part of the code
contributions, VeriSign will contribute source to their Personal
Identity Provider to provide a complete base with both libraries and
a sample application. VeriSign intends to continue development of
the PIP and to contribute it within ASF, although it hopes others
will contribute to it as well.
This proposal is not the result of an orphaned or abandoned project,
but is the result of the continued emergence of a strong community
around these technologies. Many of the initial contributors have a
strong tie to the Open Source community and do not rely on their
salaried position to continue contributing code.
The OpenID and Yadis communities have both been built on a foundation
of meritocracy with open discussions to shape the technologies. The
initial committers certainly see the value in the Apache brand and
believe the emerging community will benefit from further widespread
collaboration as well as give the existing developer community a
place to converge and create a community that will outlive the founders.
= Initial Source =
OpenID has been in development since the summer of 2005. It
currently has an active community (over 15 million enabled accounts)
and libraries in a variety of languages. Additionally it is
supported by LiveJournal.com and is continuing to gain traction in
the Open Source Community.
Yadis has been in development since late 2005 and the specification
has not changed since early 2006. Like OpenID, it has libraries in
various languages and there is a large overlap between the two
communities. The specification is currently being incorporated in
the XRI Resolution Working Draft of the OASIS XRI TC (which operates
under a 100% royalty-free IPR mode as detailed in the XRI TC charter
at http://www.oasis-open.org/committees/xri/charter.php.)
= Source and Intellectual Property Submission Plan =
== Initial Submissions ==
* The OpenID specification and content on openid.net from Brad
Fitzpatrick of Six Apart, Ltd. and David Recordon of VeriSign, Inc.
* The domains openid.net and yadis.org from Brad Fitzpatrick of Six
Apart, Ltd. and Johannes Ernst of NetMesh, Inc.
* OpenID libraries in Python, Ruby, Perl, PHP, and C# from JanRain,
Inc.
* Yadis libraries in Python, Ruby, Perl, and PHP from JanRain, Inc.
* OpenID and Yadis test suites from JanRain, Inc.
* OpenID libraries in Perl from Brad Fitzpatrick of Six Apart, Ltd.
* OpenID Consumer Ruby on Rails plugin from VeriSign, Inc. and
EastMedia Group.
* PHP based OpenID Identity Provider from JanRain, Inc.
* Patch to enable OpenID and LID support in MediaWiki from NetMesh
* Yadis conformance test suite from NetMesh and VeriSign, Inc.
We will also be soliciting contributions of further plugins and
patches to various pieces of Open Source software.
== Additional Submissions ==
* Source of the Personal Identity Provider from VeriSign, Inc. and
EastMedia Group, Inc. ideally by August 1st, 2006.
= Resources =
We foresee only standard Apache developer resources to be created.
Mailing lists:
* heraldry-dev
* heraldry-commits
* heraldry-user
Subversion repository:
https://svn.apache.org/repos/asf/incubator/heraldry
Jira project
= Documentation =
[1] Information on Yadis can be found at:
http://yadis.org
http://www.openidenabled.com
[2] Information on OpenID can be found at:
http://www.openid.net
http://www.openidenabled.com
The mailing list for both OpenID and Yadis is located at:
http://lists.danga.com/mailman/listinfo/yadis
[3] Information on the Eclipse Higgins project can be found at:
http://www.eclipse.org/higgins/
The OpenXRI mailing lists are located at:
http://mail.idcommons.net/mailman/listinfo/openxri
= Initial Committers =
* David Recordon ([EMAIL PROTECTED])
* Andy Dale ([EMAIL PROTECTED])
* Brad Fitzpatrick ([EMAIL PROTECTED])
* Brian Ellin ([EMAIL PROTECTED])
* Dan Lyke ([EMAIL PROTECTED])
* Dan Quelhorst ([EMAIL PROTECTED])
* Drummond Reed ([EMAIL PROTECTED])
* Johannes Ernst ([EMAIL PROTECTED])
* Jonathan Daugherty ([EMAIL PROTECTED])
* Josh Hoyt ([EMAIL PROTECTED])
* Les Chasen ([EMAIL PROTECTED])
* Matt Pelletier ([EMAIL PROTECTED])
* Michael Graves ([EMAIL PROTECTED])
* Paul Trevithick ([EMAIL PROTECTED])
* Steve Churchill ([EMAIL PROTECTED])
* Trotter Cashion ([EMAIL PROTECTED])
* Wil Tan ([EMAIL PROTECTED])
= Apache Sponsor =
We respectfully request that the Incubator PMC sponsor this project.
= Apache Champion =
Ben Laurie ([EMAIL PROTECTED]) – Champion and Mentor
Paul Querna (pquerna apache.org) - Mentor
Ted Leung (twl apache.org) - Mentor
= Contact =
David Recordon, Innovator for Advanced Products and Research
VeriSign, Inc.
487 East Middlefield Road
M/S MV6-2-1
Mountain View, CA 94043
Email: [EMAIL PROTECTED]
Phone: +1-650-426-4424