Upon 2020

The YADIS Meeting Yesterday

Yesterday, the following people from the YADIS.org community met for about 5 hours at Six Apart, which graciously agreed to host the meeting:

  • Steve Churchill, Ootao
  • Mike Mell, ID Commons
  • Nick Ragouzis, Enosis Group
  • Larry Drebes, JanRain
  • Josh Hoyt, JanRain
  • Eugene Kim, Blue Oxen Associates
  • Michael Graves, Verisign
  • Hans Granqvist, Verisign
  • Drummon Reed, Cordance (phoned in part of the time)
  • Byrne Reese, Six Apart
  • Artur Bergman, Six Apart
  • Anil Dash, Six Apart
  • Brad Fitzpatrick, Six Apart
  • David Recordon, Six Apart (host)
  • Joaquin Miller, NetMesh
  • Johannes Ernst, NetMesh (that would be me)

The meeting came about because several of us felt that discussion on the mailing list, while oftentimes intense, kept going around in circles around the issue of the capability discovery protocol, and that we were in need of a white board to come to a decision that met all the requirements. True to the spirit of YADIS, everybody was invited who wanted and was able to come. Recognizing that this might exclude people who could or would not travel to San Francisco, we also had encouraged all members of the YADIS community to enter technical proposals on the wiki that we could then discuss in person. And to make sure everybody got heard, I had asked all self-identified prospective participants what they wanted to discuss and result prior to the meeting. Other than discussion on the name “YADIS”, which we decided to delay, I believe we discussed and resolved everything that came up. (Yeah, in a first meeting!!)

The intense technical discussion most definitely contained during the meeting, but it was clearly conducted in a spirit of openness, the acknowledgement of other points of view, and the willingness by everybody to compromise in order to meet the broadest set of requirements for the broadest possible audience. In other words, to make YADIS is feasible identity framework on an internet scale. Most people who came are implementors and the discussion kept being rooted firmly in what can be done and makes sense from an implementation perspective.

To not stray too far from what was discussed on the mailing list and the wiki, we referred to the wiki quite frequently, helped by David’s laptop and a projector. A number of live edits were also made on the wiki during the conversation, although I’m not aware of anybody not in the meeting “writing back” concurrently.

Instead of picking one of the Draft 002 proposals outright, we were able to merge and amalgamate several of them to optimize along a number of different dimensions:

  • Enabling users to use YADIS for identity without their web site host organization helping them in any manner, as well as web host organizations YADIS-enabling their users en block without the users having to do anything, and of course geeks setting up and controlling their entire experience themselves.
  • Different deployment models from local-only to identity servers separate from the main content servers.
  • Ability for pretty much anybody to plug new capabilities into the basic YADIS framework, which everybody considered to be a crucial YADIS feature.
  • Very efficient capability retrieval under certain assumptions, while enabling functionally correct behavior even under more challenging circumstances (e.g. hosting providers does not allow Redirects to other sites)
  • A clear migration/integration path for LID, OpenID, i-names and other technologies such as Signed Ping (more about the latter some other time).
  • Simplicity for the implementation of relying parties.

To my great surprise, we actually gained agreement and all the issues and everybody seemed satisfied. Joaquin, as the standards draft editor, has marching orders to produce a new YADIS Draft that the community can review (target: end of next week). Before that, the wiki will be updated to reflect the consensus as soon as possible. The attendees committed to taking the time to do that. We want to make sure that although only some members of the community could come to this face-to-face meeting, everybody else has a means to review and comment and influence what YADIS 1.0 will look like. Volunteers Josh, David and Johannes will help coordinate the feedback process.

This was a very encouraging meeting, and I’d very much like to thank everybody who participated and produced input for it for their help. Based on this experience and also the conversations on the mailing list so far, I’m very convinved now that URL-based, bottoms-up identity will become widespread, interoperable, highly innovative and very likely emanating from the YADIS community. There is little doubt in my mind any more that there will be a YADIS 1.0, that it will work for lots of different people and companies, and there is enough commitment by enough people to make it happen, and happen in a matter of weeks or few months, rather than years. I’m also very certain that it will be implemented by a number of parties — some attendees said they wanted to start that very evening! Note that we had representatives of 6 different YADIS/LID/OpenID/i-names implementations participating and pushing for a spec they can all implement in an interoperable manner!

So, to everybody who cares about identity, website accounts, identifiers, passwords, security, accountability and many other related things: this is the right time to start paying attention to YADIS, the grassroots effort to make simple, innovative and interoperable identities ubiquitous. Isn’t that something that you’d like to see, too?

Johannes Ernst