By Michael Olson | Posted on June 10, 2010
Hello, readers of the JanRain blog. I haven’t posted here before, so I’ll start with a brief introduction of myself. My name is Carl Howells. I’m a software engineer who’s been working at JanRain for a bit over six years now. In that time, I’ve worked on a more projects than I can even remember.
As far as things relevant to the current world go, I was a very early implementer of the original OpenID proposal. My work helped uncover some holes in the initial proposal, and I felt like I contributed some useful bits.
As JanRain continued in that space, I helped with initial versions of the OpenID 2.0 specification, but I eventually moved into handling implementation of the spec, and left writing it to those with more experience writing formal specifications.
In the time since, I’ve worked on all of JanRain’s OpenID-related products. I currently help maintain and develop all of them, with most of my time spent on RPX.
A couple months ago, I was asked if I wanted to attend the 10th annual Internet Identity Workshop (IIW), as our more technical representative. I hadn’t previously attended an IIW, and I didn’t know what to expect. The idea was a bit scary, but I agreed. With some trepidation, I woke up exceedingly early (in engineer time) Monday morning, packed for the trip, drove to the airport, and soon found myself at IIW.
After the intro speech, Kaliya Hamlin (IdentityWoman, the co-founder/facilitator of IIW, and one of the few present I had met before) explained the format. The short version is “anyone can propose any topic for discussion, anyone can join any discussion they like.” Topics were scheduled in different areas of the workshop space at the beginning of each day.
I spent the day checking out various sessions. Some, like the in-depth discussion of David Recordon‘s OpenID Connect proposal, were discussions of technologies directly related to our business. Others were peripherally related to directions future products might take, like Alan Karp’s discussion of Voluntary Oblivious Compliance. Finally, there were a couple that turned out to have no real relation to anything JanRain’s doing, but still fascinated me.
At the close of the day, everyone retired to the dinner generously provided at an excellent Italian restaurant by several of the conference’s sponsors. I spent a short time in a conversation with Eve Maler and several others, the main topic being the seeming death of XML validation. I soon moved on to introduce myself to Nat Sakimura and a gentleman whose name I’ve forgotten from the Dutch government.
We had a long discussion about OpenID, population sizes, and how pretty Oregon is. I had a great time getting to know people working in very distinct government environments. We discussed use cases each government had, and how they’re building their solutions on top of OpenID. It was a great reminder that governments have very different requirements from commercial entities, and that they’re active in getting their needs addressed as well.
Soon dinner was served, and we retired to the hotel afterwards. Brian Kissel, CEO of JanRain, is an alumnus of Stanford. This lets him reserve rooms at the Stanford Guest House. It was a terrifically surreal experience to stay at a hotel that was behind the security checkpoint for SLAC, the Stanford Linear Accelerator.
The highlight of day two was attending Nat Sakimura’s presentation on his OpenID artifact binding proposal, a specification JanRain will watch closely as it progresses in the future. It’s a proposal for detaching the data transfer in OpenID from the protocol exchange itself, resulting in significantly less data sent through the user’s web browser. This also provides opportunities for stronger data protection policies to be developed. It is a clean solution to several different issues we face today, and it allows new features for OpenID in the future as well.
Day three was shorter than the rest, with fewer time slots for sessions, and fewer sessions distributed among those time slots. I spent most of the day talking one-on-one with various people. I was pleased to have Nat Sakimura ask for my thoughts about his proposal for artifact binding, and ask me to join the working group so I could continue contributing in the future.
The biggest standout from the conference was the sheer size of it. IIW 10 was 30% larger than any previous IIW meeting. The involvement from both industry and individuals is taking off, and it’s clear that we’re just seeing the beginning of this movement.
As for me? It’s good to see what’s going on out in the world. But it’s also going to be good to get back to work on the ever-increasing list of tasks on my plate.
Managing identities is a central concern of every enterprise. Almost all businesses have employee…
Why customer experience is essential to (C)IAM success.
Ten years ago identity and access…
From the barista who knows exactly how sweet you like your daily nonfat, caramel macchiato to the…