Sun

This week is the start of JavaOne, Sun Microsystem’s conference on all things Java and with it comes an announcement that Sun will be supporting OpenID.

This is really telling news as Sun was one of the key companies to spearhead the Liberty Alliance initiative around federated identity a few years ago. Support for grassroots technologies like OpenID mean that Sun is continuing to expand its offerings in identity. This is great news for OpenID as well as Sun’s customers.

An interesting point in the article is that all of Sun’s 34,000 employees now have OpenID’s. The OpenID server they are using is based on their OpenSSO server they have been working on for quite some time. Now Sun employees can login all over the web on OpenID enabled web sites. Sun is working on ways to OpenID enable their sites as well (of course this usually takes a bit longer no matter the company).

David Recordon is presenting at JavaOne this week about OpenID so the timing is right to get a lot of people really fired up OpenID. Knock’em dead David!

OpenID has been around for almost 18 months now. In its original form, it was extremely simple. As a matter of fact, it was too simple. So OpenID v1.1 came out with the Simple Registration Extension based on user/site feedback. The scope and momentum of OpenID started to pick up with LiveJournal being OpenID-enabled and folks like JanRain, Cordance, Verisign, Sxip and others getting into the mix. The technology evolved, the umbrella grew but the premise remained the same; keep it simple, light-weight and decentralized.

OpenID started with a very simple assumption by one guy. Its grown over time and is really starting to mature as a protocol. Sometimes it takes a person who can just say “screw it, I’m doing it this way” to get something going. I call it the Firefox Effect; two or three people that solve a major pain point can gain adoption quickly. Blake and Ben did it with the original Firefox; not everybody in the Mozilla world was really excited with that product when they did it. Had you gone back to the drawing board from the start and said “Let’s build Firefox” with a team of developers and stakeholders it most likely would have failed. The same thing is true with OpenID. Something like that requires a big push, minimal tact and a serious pain point.

Although announced awhile ago, Sun finally released their Open Source Single Sign-on solution on Tuesday.

It’s great that Sun is embracing open source by releasing their products under the OSI-approved CDDL. I can see some great applications for OpenSSO in the higher education space that is leveraging a lot of Java technologies already. However, I’m still left thinking this is another attempt by a big company to say “Hey! Internet! Come build an eco-system around our product! Look, its Open Source ™!!” Yes, I’m biased. I think there is a better way with OpenID.

OpenID really is a grassroots, bottom-up approach. For something like this to be compelling there can be no hook back to the “mother ship”. Its truly got to be open and decentralized and that’s one of the main reasons people are finding it compelling. Has federated identity failed? In the past, yes. I believe in 5 years, there will be a federated identity that people use all over the Internet; you’ll have one login and it won’t be controlled by anyone but you. OpenID is hopefully going to be the driver of that; the HTTP of identity. Nobody but you should own your identity.