January 17th, 2008

amused, happy
  • mart

Yahoo! embraces OpenID... but 2.0 only

I'm far too late to be merely blogging about the Yahoo! OpenID announcement -- everyone else has already been propagating it well -- but I do want to comment on it.

As many people have noticed by now, Yahoo!'s provider implementation only supports consumers (or relying parties, if you want) that talk the Auth 2.0 protocol. Technically the 2.0 spec allows providers to shun 1.1, but it's not recommended for the reason that I'm sure will become obvious once Yahoo! launches: there's no way for your average end-user to distinguish between a 1.1 and a 2.0 implementation.

Many of the more popular sites have been tracking the development of 2.0 quite closely, so in most cases this will not be an issue. However, LiveJournal and clones thereof continue to support only 1.1 both in their server and relying party implementations. This is quite unfortunate, since LiveJournal is credited as being not only the first implementation of OpenID but also the place OpenID came from, and is possibly going to be one of the first places people look to try out their new Yahoo!-provided OpenID identifier.

LiveJournal's implementation is based on Brad Fitzpatrick's original Net::OpenID package from CPAN, which has unfortunately been somewhat neglected since LiveJournal's OpenID support shipped all those years ago. The guys at JanRain have since done a wonderful job of writing fully-featured libraries in a variety of languages, including Perl. I'm in two minds as to whether it would be better to work on retrofitting Net::OpenID with 2.0 support, which would allow LiveJournal to adopt it unmodified, or to work on making LiveJournal talk to JanRain's Perl OpenID library and eliminate the need for redundantly maintaining two largely-equivalent libraries.

Regardless of the approach, I do think it's important that LiveJournal make the move to 2.0 before Yahoo! releases its OpenID support on the 30th, or a lot of users are going to have a negative experience when they try to log in to LiveJournal with their Yahoo! ID.