What if everybody’s digital identity technologies would seamlessly interoperate with everybody else’s? What if many people could come up with new ideas and protocols, and everybody could build on top of each other’s work without either having to ask for permission, or having to re-invent the wheel?
The recent release of the Yadis 1.0 specification is a huge step into this direction. It breaks identity stovepipes wide open to innovation and new applications. Let me give you an example.
Let’s say you have this really cool idea to integrate presence into digital identity. You think that if people were able to not just authenticate, or just convey information about themselves to websites without having to fill out new forms, but also could convey their presence at PCs, mobile devices, or what have you, the world would be a better place and you’d make a boatload of money in the process. (Now I have no idea whether that is true for this example, but let’s just assume that for the purpose of this example: somebody is having a unusual, but potentially quite intriguing idea related to digital identity.)
Before Yadis, you essentially had to build an entire digital identity implementation yourself, including single-sign-on, attribute exchange, cryptography, message protocols etc. etc. Alternatively, you could make a bet and say: "I believe LID authentication is going to take over the world, that’s why I will integrate with LID and LID only" (because you usually can’t afford to integrate with N different protocols.) But what if LID’s default GPG-based authentication did not take over the world, and some people wanted to authenticate with OpenID‘s Diffie-Hellman approach instead? Or the other way around? Or some other technique suddenly took over? You’d be screwed and all the coding you did would have been in vain; not because your idea about presence and identity was bad, but because you made the wrong bet on somebody else’s technology that was peripheral to what you really wanted to accomplish.
With Yadis, you don’t bet on LID authentication vs. OpenID authentication or whatever other kind of authentication. You only bet that there will be authentication, and it will be discoverable through Yadis. You do not have to bet on which of the techniques will win, because your new idea will work with any of them! And if tomorrow somebody invents the GreatestAuthTechnologyEver protocol, that’s discoverable through Yadis, and it takes over the world in 10 days, you simply sit there, doing nothing, being just very glad you chose Yadis as the framework into which you plugged your new idea. Because it will continue to work just as well.
It sounds a little bit too good to be true, I admit, but I don’t think it is. Here is a actual, real-world example that we just experienced at NetMesh: the LID Profile for Contact Information Management had been designed only with LID authentication in mind, because at the time it was designed, OpenID did not even exist! Through the magic of Yadis, we can (and do!) now run LID profile queries just as well when OpenID authentication is used. Most importantly, the contact information management protocol can and is being used without any changes, and not only that, our code that implements it is also completely unchanged! That’s the kind of thing Yadis allows. Of course, we had to add a code module to understand OpenID authentication to our LID code base, but only in one place, without impacting higher-level functionality such as profile queries, or authenticated messaging, etc. So Yadis allows orthogonal things to remain orthogonal, on a protocol level as well as on an implementation level.
[Side note: a number of people have realized already that this kind of plug-and-play of protocols based on service discovery is in no way limited to identity, and they are right. It wouldn’t surprise me if the Yadis protocol showed up in many places that have nothing to do with identity; its benefits as a simple but powerful, REST-ful service and meta-data lookup protocol the same everywhere, and hard to ignore.]
So here it is: Yadis 1.0, an open standard produced open-source-style in an open, multi-vendor collaboration, and implemented already by a variety of projects and vendors. Thanks everybody in the Yadis community who helped make Yadis happen! It’s a great to see that many companies and individuals can get over (perceived) competitive differences and collaborate to grow the entire market. I feel honored having had the opportunity to work with you all, and look forward to continuing this as we go after even larger opportunities. (I have some ideas …)
The success of the Yadis project as evidenced by the new spec also proves that "open source standards development" is a process that can work just as well as open-source development. Adoption of digital identity technoloies has certainly become much easier, and much safer, in the process. Imagine you’d have to go to your CEO and say "my vendor with the uniquely superior technology (or so you thought) just went out of business, sorry" instead of "we built on Yadis, so even if one of those guys goes away, there’s a whole community of developers and other companies with whom we can do business just as well."
’nuff said, enjoy!