incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geir Magnusson Jr <g...@pobox.com>
Subject Re: [VOTE] Accept Heraldry into the Incubator
Date Tue, 11 Jul 2006 11:41:20 GMT
+1

(And I'll note now that I'm interested in participating, although can't
commit the time to be a mentor right now.)

Ted Leung wrote:
> It seems like the discussion on Heraldry has died down, so I'd like to
> call for a VOTE on accepting Heraldry into the incubator.
> 
> In keeping with Apache practice, I'd like to allow 72 hours or so for
> the vote to close, so please vote by 11:59PST on Thursday July 13th.
> 
> The current proposal is here: 
> <http://wiki.apache.org/incubator/HeraldryIdentityProposal>, and I've
> included the full text below.
> 
> My vote is +1
> 
> Ted
> 
> ----------------------------------
> = Proposal =
> This is a proposal to create a project within the Apache Software
> Foundation to develop technologies around the emerging user-centric
> identity space.  The project would utilize Yadis [1] for URL/XRI-based
> service discovery and OpenID [2] for web based single-sign-on and the
> basis of exchanging profile data.  Yadis is currently being standardized
> within OASIS as part of the XRI effort, within a TC committed to
> creating royalty-free work, and OpenID has emerged as a de-facto
> specification.  The two initial components of the project, downloadable
> perspective, would be an Identity Provider application and libraries in
> various languages that implement Yadis and OpenID.  The initial goal
> would be to both provide an out-of-the-box application as well as the
> required libraries for other developers to integrate Yadis and OpenID
> into their existing applications.
> 
> To provide some background, the Higgins Project is being actively
> developed within Eclipse and is a framework that will enable users and
> enterprises to integrate identity, profile, and relationship information
> across multiple systems. Using context providers, existing and new
> systems such as directories, collaboration spaces, and communications
> technologies (e.g. Microsoft/IBM WS-*, LDAP, email, IM, etc.) can be
> plugged into the Higgins framework. Applications written to the Higgins
> API can virtually integrate the identity, profile, and relationship
> information across these heterogeneous systems.  They current have
> integration with Microsoft's CardSpace and we'll be working with them
> over the next few months to add support for OpenID.  It hasn't yet been
> determined, nor does it need to be right now, if the code to tie OpenID
> into Higgins will live within Apache or Eclipse.
> 
> 
> = Rationale =
> While identity systems such as X.509 have existed for many years, and
> more recently SAML and the Liberty Alliance framework, only within the
> past two years has there been a true emergence of user-centric
> technologies.  Pursuant to Kim Camerons laws of identity, technologies
> such as LID, Yadis, OpenID, and Sxip were defined to put control of a
> persons digital identity back into their own hands.
> 
> Both Yadis and OpenID have reached a point where they have millions of
> users and a strong community backing.  On May 28th 2006, Brion Vibber of
> WikiMedia announced in a Google Tech Talk that WikiPedia would support
> both of them within the following month.  This sort of broad adoption
> and traction has not been seen with other technologies of this kind in
> this space.
> 
> By bringing these technologies to one place, these communities will have
> a place to fully converge and continue the development of interoperable
> implementations.  Additionally, by working with the Higgins Project, ASF
> will be able to provide a foundation where a person can use one or more
> digital identities consistently across blogs, eCommerce sites, and
> portals as well as even high-risk transactions via their desktop computer.
> 
> Currently Apache does not offer any project such as the one being
> proposed.  Integration with projects such as Lenya would definitely be
> encouraged.
> 
> = Initial Goals =
>  * Expansion of Yadis and OpenID libraries into additional languages
> beyond the existing Python, Ruby, Perl, and PHP libraries
>  * OpenID authentication specification revision to fix known security
> considerations, investigate compatibility with the DIX IETF proposal,
> describe Yadis integration, and allow either an URL or XRI be used as
> the End Users Identifier
>  * Continue the development of a data transfer protocol on top of OpenID
> to allow the exchange of profile data as well as other secure messages
>  * Investigate existing mechanisms for profile exchange, namely Sxip 2.0
> and SAML, and investigate how they would be layered atop OpenID
>  * Integration of the OpenID Authentication protocol with the Higgins
> framework to provide desktop integration
>  * Extension of OpenID to support non-browser based authentication use
> cases.  ie authentication to a Subversion server, creation of
> mod_authnz_openid, using your OpenID Identity without modifying the svn
> client-side tool
> 
> = Known Risks =
> 
> == Commercial Interest ==
>  * Many companies are currently working to build businesses supported on
> top of these technologies.  As part of the code contributions, VeriSign
> will contribute source to their Personal Identity Provider to provide a
> complete base with both libraries and a sample application.  VeriSign
> intends to continue development of the PIP and to contribute it within
> ASF, although it hopes others will contribute to it as well.
> 
> This proposal is not the result of an orphaned or abandoned project, but
> is the result of the continued emergence of a strong community around
> these technologies.  Many of the initial contributors have a strong tie
> to the Open Source community and do not rely on their salaried position
> to continue contributing code.
> 
> The OpenID and Yadis communities have both been built on a foundation of
> meritocracy with open discussions to shape the technologies.  The
> initial committers certainly see the value in the Apache brand and
> believe the emerging community will benefit from further widespread
> collaboration as well as give the existing developer community a place
> to converge and create a community that will outlive the founders.
> 
> 
> = Initial Source =
> OpenID has been in development since the summer of 2005.  It currently
> has an active community (over 15 million enabled accounts) and libraries
> in a variety of languages.  Additionally it is supported by
> LiveJournal.com and is continuing to gain traction in the Open Source
> Community.
> 
> Yadis has been in development since late 2005 and the specification has
> not changed since early 2006.  Like OpenID, it has libraries in various
> languages and there is a large overlap between the two communities.  The
> specification is currently being incorporated in the XRI Resolution
> Working Draft of the OASIS XRI TC (which operates under a 100%
> royalty-free IPR mode as detailed in the XRI TC charter at
> http://www.oasis-open.org/committees/xri/charter.php.)
> 
> = Source and Intellectual Property Submission Plan =
> == Initial Submissions ==
>  * The OpenID specification and content on openid.net from Brad
> Fitzpatrick of Six Apart, Ltd. and David Recordon of VeriSign, Inc.
>  * The domains openid.net and yadis.org from Brad Fitzpatrick of Six
> Apart, Ltd. and Johannes Ernst of NetMesh, Inc.
>  * OpenID libraries in Python, Ruby, Perl, PHP, and C# from JanRain, Inc.
>  * Yadis libraries in Python, Ruby, Perl, and PHP from JanRain, Inc.
>  * OpenID and Yadis test suites from JanRain, Inc.
>  * OpenID libraries in Perl from Brad Fitzpatrick of Six Apart, Ltd.
>  * OpenID Consumer Ruby on Rails plugin from VeriSign, Inc. and
> EastMedia Group.
>  * PHP based OpenID Identity Provider from JanRain, Inc.
>  * Patch to enable OpenID and LID support in MediaWiki from NetMesh
>  * Yadis conformance test suite from NetMesh and VeriSign, Inc.
> 
> We will also be soliciting contributions of further plugins and patches
> to various pieces of Open Source software.
> 
> == Additional Submissions ==
>  * Source of the Personal Identity Provider from VeriSign, Inc. and
> EastMedia Group, Inc. ideally by August 1st, 2006.
> 
> 
> = Resources =
> 
> We foresee only standard Apache developer resources to be created.
> 
> Mailing lists:
>  * heraldry-dev
>  * heraldry-commits
>  * heraldry-user
> 
> Subversion repository:
> https://svn.apache.org/repos/asf/incubator/heraldry
> 
> Jira project
> 
> 
> = Documentation =
> 
> [1] Information on Yadis can be found at:[[BR]]
> http://yadis.org [[BR]]
> http://www.openidenabled.com
> 
> [2] Information on OpenID can be found at:[[BR]]
> http://www.openid.net [[BR]]
> http://www.openidenabled.com
> 
> The mailing list for both OpenID and Yadis is located at:[[BR]]
> http://lists.danga.com/mailman/listinfo/yadis
> 
> [3] Information on the Eclipse Higgins project can be found at:[[BR]]
> http://www.eclipse.org/higgins/
> 
> The OpenXRI mailing lists are located at:[[BR]]
> http://mail.idcommons.net/mailman/listinfo/openxri
> 
> = Initial Committers =
>  * David Recordon (drecordon@verisign.com)
>  * Andy Dale (andy.dale@ootao.com)
>  * Brad Fitzpatrick (bradfitz@sixapart.com)
>  * Brian Ellin (brian@janrain.com)
>  * Dan Lyke (danlyke@flutterby.com)
>  * Dan Quelhorst (dan@abtain.com)
>  * Drummond Reed (drummond.reed@cordance.net)
>  * Johannes Ernst (jernst@netmesh.us)
>  * Jonathan Daugherty (cygnus@janrain.com)
>  * Josh Hoyt (josh@janrain.com)
>  * Les Chasen (les.chasen@neustar.biz)
>  * Matt Pelletier (matt@eastmedia.com)
>  * Michael Graves (mgraves@verisign.com)
>  * Paul Trevithick (paul@parityinc.net)
>  * Steve Churchill (steven.churchill@ootao.com)
>  * Trotter Cashion (cashion@gmail.com)
>  * Wil Tan (william.tan@neustar.biz)
> 
> 
> = Apache Sponsor =
> We respectfully request that the Incubator PMC sponsor this project.
> 
> 
> = Apache Champion =
> Ben Laurie (benl@google.com)  Champion and Mentor[[BR]]
> Paul Querna (pquerna apache.org) - Mentor[[BR]]
> Ted Leung (twl apache.org) - Mentor
> 
> = Contact =
> David Recordon, Innovator for Advanced Products and Research[[BR]]
> VeriSign, Inc.[[BR]]
> 487 East Middlefield Road[[BR]]
> M/S MV6-2-1[[BR]]
> Mountain View, CA 94043[[BR]]
> 
> Email: drecordon@verisign.com[[BR]]
> Phone: +1-650-426-4424

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message