Johannes Ernst’s Blog

The News Never Changes

Found in San Francisco. Guess the news is the same today as it was in 1897.

Push vs. Pull in identity — sounds familiar?

The blogosphere is buzzing over Bob Blakley’s recent presentation at the Gartner/Burton Catalyst conference. The issue seems to be this, as expressed by Ben Goodman of Novell:

According to Blakley’s assertions, identity management today is based on a “push” model as IdM applications centrally store user entitlements and those entitlements are “pushed” out to the applications so that users with the appropriate rights can access them … Blakley contends that this model is broken and that a new identity paradigm needs to emerge now. One where user access privileges are “pulled” at the time of use to the application or service the user wants to consume…

Why does this sound so eerily familiar? We had that same argument in the early days of OpenID! (For one thread, see here.)

My argument at the time was centered around LID and is the same as Bob’s: Pull is vastly preferable. With the widespread implementation of OAuth (which follows the pull model) and corresponding lack of OpenID AX implementations since (using push), I think I rest my case.

The sad part is that it’s 4 or 5 years later, and only now is that same discussion starting in the enterprise. Why did it take so long? Even back then, we weren’t exactly trailblazers: arguably the web’s (HTTP’s) success depended wholly on it being built around pull … even for things like RSS feeds that arguably look like “push” to the user.

The New New Open Stack

Seems there’s a new kid in town. The old kid was the Open Stack for identity and social media protocols, or as I sometimes referred to it, the Open Pile.

Today, Rackspace and a few other companies apparently announced a new Open Stack, which has nothing to do with the old one. Instead, it appears that the number two player in cloud servers (#1 is Amazon, #2 is Rackspace) is going head-first into an API war with Amazon (and Eucalyptus) over how to interact with cloud servers.

Interesting … let’s hope this stack stays up! ;-)

Update: here’s the announcement:

Today is a big day for Rackspace® Hosting. We announced a new project that we believe will change the way the cloud is developed and it’s called OpenStack™ – an open source cloud platform designed to foster the emergence of technology standards and cloud interoperability. In short, we will be opening code on our cloud infrastructure for public use.

The initial components being released through this project include the code that powers our Cloud Files (available today) and Cloud Servers (expected available late 2010). This project will also incorporate technology provided by other open-source projects. We expect to be joined by leaders in the technology industry and others to drive a deployable totally open cloud solution through this project.

Why are we doing this? Historically, most cloud offerings have been built on proprietary or closed platforms that create lock-in and make migration difficult. With OpenStack, any interested party – including our peers, Solution Partners and customers – will be able to collaborate with us to author, improve and expand OpenStack technologies.

What does this mean for our customers and Solution Partners?

No fear of lock-in
Flexibility in deployment for a highly elastic commodity cloud
A bigger, more robust ecosystem for more tools, better capabilities and a stronger platform
Freedom to decide how you want your cloud

OpenStack is an innovative, open-source cloud computing solution for creating, managing and deploying scalable elastic cloud services. Through the ongoing development of this project, we will be able to drive greater industry standards and help increase the speed of cloud innovation. As the leading specialist in the hosting industry, it is simply our responsibility.

In addition, we look forward to bringing enhancements made to the OpenStack project to our own product offerings in the future.

We are excited about this new chapter in Rackspace history and even more thrilled that you are able to share it with us. If you have any questions, please contact us here.

Sincerely,

A. Lanham Napier
President & CEO

The Best and the Worst of Times: Whence Internet Identity?

The 10th Internet Identity Workshop this week had record attendance. Since that first one, five years ago, amazing adoption has happened: pretty much all major technology companies have implemented, more than a billion identities in the market, tens of thousands of sites accept them, more people show up to IIW — it must be the best of times.

But it is also the worst. To quote Phil Windley’s summary (go there, read the whole thing, it’s worthwhile):

InfoCards are largely dormant at this point. Kim Cameron, the father of InfoCards, has abdicated to France…

The only other player, Azigo, isn’t releasing updated selectors either… All of this adds up to a situation where no one would be comfortable adopting InfoCards…

OpenID continues to thrash towards becoming a viable solution. The politics surrounding OpenID are worthy of a soap opera…

If Phil had the harsh words for Cardspace and information cards this week, I guess I had the harsh words for the OpenID camp last week, calling what’s being developed there the Open Pile: turns out not one person (neither on the blog, nor in person) that I talked to this past week disagreed with my diagnosis; most agreed enthusiastically. But then everybody tends to turn around and has great fun adding more overlapping versions of protocols to the pile. Somebody go figure, because I don’t get it. How do we accomplish our vision of portable internet identity if we add more incompatibilities and never remove any?

So where does this leave us? Twelve steps forward and eleven back, taking two detours in the middle. Or something like that. The movement goes on. Thrashing, like a soap opera, as Phil says. There’s a pony in there somewhere waiting to come out, as John Panzer commented. Well, that pony better be patient.

Let’s Implement the Open Pile! It’ll Be Great!

You are not on the bandwagon yet? You are so behind the times! Haven’t you heard that the web is now social, and user-centric, your customers are in charge, they create and remix and share and rate and activity stream and manage you, the vendor, and you still haven’t implemented the Open Pile!

Ehm, I mean the Open Stack, sorry about that, a slip of the tongue here. The community has been working together hand in hand to define these exciting new standards, singing kumbaya all the time, how can you not have implemented them and look your manager in the eye?

So let’s get started right away. You need to implement OpenID for login, with NASCAR buttons so it’s easy for your users, not too many, not too few, and yes, a text field for those other identity providers, with of course a non-Javascript fallback, and information card detection in case somebody runs Vista or is an AAA member, and OAuth, well, there are several incompatible versions just like with OpenID and of course you have to support 2, 3, and I don’t quite remember how many more legs, which should of course do the hybrid with OpenID, rooted in cutting-edge discovery in all the needed ways: just three ways from Yadis, two from OpenID, some new well-known locations with LRDD and sometimes you have to check with Google directly, of course you have to be prepared to accept URLs, e-mail addresses, PPIDs and unreadable URLs as identifiers, claimed and proven, I’m sure your website folks figure out how to map them to their databases in no more than a few weeks, then you automagically (imagine!) get your user’s first and last name and e-mail address via SREG or AX (but there might be incompatible schemas) or Portable Contacts or Microformats, yeah, no provider supports all of those and many don’t support any but that’s just an implementation detail, and boy all the great info you will get via xAuth any time soon now and then you can publish activity streams and you even will make the Salmon run upstream! It’ll be SO GREAT!!

If I knew how to draw cartoons, I’d have a field day here.

No wonder Facebook is winning with a proprietary stack.

As we go into IIW next week, guys, it’s time to get real. It’s either we cut 80%+ off this pile, and make the remainder actually work, or give up. I just hope there won’t be proposals for more protocols next week. What about we all propose which 90% of our favorite pet projects we are willing to kill? The alternative, I’m afraid, is the way UNIX has been going in the face of first NT, and then Linux. “Open” means nothing if it’s just a pile.

P.S. Thanks to Kaliya for encouraging me to get this off my chest and annoy some people if it has to be that way.
