Zend_Service_Openid Is dead; But It’s Reincarnation Is Coming
Back in February of this year I started the process of proposing a PHP5 OpenID and Yadis library for the Zend Framework. This was to be based on a proprietary implementation (IP clean, I hold the copyright) I had started working on. After posting some questions to the mailing list before adding any additional formal proposals, I have learned another OpenID library for the Zend Framework is also in progress within Zend.
The upshot of this, given it’s a Zend sponsored library, is that I feel like there’s little choice but to abandon my own version of a proposal for the framework. So it’s status is “withdrawn” at this moment as is Zend_Service_Yadis, being a linked proposal. The library itself is not being abandoned, far from it as it has always been my intention to release it under a New BSD License and that plan is not wavering.
Now it’s been a few days since I learned this. So I’ve calmed down a little , and look forward to a review of the Zend code which Andi kindly asked Dmitri Stogov to supply. I can’t help but pass some comments however (not as “rant and rave” as I might have posted on Saturday though ). The first is that it is frustrating to have a second Zend Framework OpenID library start and for the team behind it to miss the existing effort totally. I had posted to the mailing list back in February, put a formal Zend_Service_Yadis Proposal on the Wiki in plain sight (a significant piece of supporting OpenID 2.0), and blogged about it a few times. The simplest of research tactics (Google for “zend openid” and guess who owns the first page of results ) could have avoided this. Secondly, this second project has never been notified to the Zend Framework mailing lists, something I had thought was part of the Proposals Process before writing a formal proposal. This entire scenario only ever cropped up because a decision was made away from the public eye. If it had been announced, I could have joined the team and contributed my ideas and code at that time.
It’s very disappointing this has occurred and I urge Zend to publicise their future Zend Framework proposals rather than developing them in the dark and springing a last second surprise. It could save some other poor soul from a shock in the future .
However what remains to be seen is how the Zend proposal plays out. My own proposal took a particular approach to OpenID. OpenID is a complex set of specifications, something the JanRain library makes abundantly clear. But in isolation, its parts are relatively simple. My proposal would have advocated the separation of concerns to a large extent – something I feel has been amiss with the framework in many places. The core of this proposal has been to pick apart OpenID 2.0 and split it into many components which are completely decoupled from an OpenID specific class, and therefore are completely reusable Framework-wide and also add far more value than highly coupled methods.
If the Zend OpenID library does not take this approach, then it still leaves the field open for a fair proportion of my library to end up being proposed for the Framework (e.g. Zend_Crypt, Zend_Math_BigInteger) so that components have a central reserve of reusable code. For example, Simon Mundy seems very supportive of a standalone HMAC implementation for Zend_Mail (something a Zend_Crypt proposal would include). How many others would like to see RSA, XTEA, Diffie-Hellman (with Wez Furlongs awesome incoming openssl support included!), and company standing alone and begging for reuse?
Going by very recent information from Dmitry Stogov at Zend, it’s even possible the original Zend_Service_Yadis proposal I initiated can still make it through the proposal process. So I may yet publish my non-OpenID proposals to the framework wiki.
In the meantime however, I’m left with an OpenID library in PHP5 that’s nearing completion (OpenID 1.1 is just about there, and 2.0 a short distance beyond that) and appears bereft of a framework route. This, fortunately, was not the only distribution path I had considered so there’s still a few possibilities to explore.
If you’re one of those following this saga since February, stay tuned . A PHP5 OpenID library (sorry, two ) are incoming. Yep, silver lining and all that…
|Print article||This entry was posted by Pádraic Brady on June 18, 2007 at 11:35 am, and is filed under Openid and Yadis, PHP General, PHP Security, Zend Framework. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site.|