Tuesday, April 21, 2009

Kantara, Standards, Open Source Projects

Please pardon the crude title of this post...

On Monday, April 20, 2009 the Kantara Initiative (the server is currently down...) was launched. Although I subscribe to the goals of the initiative I still know too little to make a reasonable decision about it. My feeling is that it is too big. While it certainly helps to have an organisation and most of the legal (IPR, bylaws, etc) stuff is already handled for a new Kantara working group e.g. openFOO/BAR/BAZ I fear that the influence of the big companies might be unhealthy for openFOO. Sure it helps to have supports from experts in e.g. protocol design and standardization to make the openFOO protocol consistent, sound, complete, modular and extensible and everything a protocol or data format should be; but Liberty Alliance, Microsoft, IBM and the other big companies have a tendency to create complex beasts that the normal open source project can not tame.

If some enthusiasts come together, join forces to solve a problem and to make the Internet "suck less" then the outcome is sometimes simple, not modular, not extensible or whatnot but if it solves the problem, well...

A counter example: Yesterday I awoke a 1am (jet lag) and tried the openinfocard selector "against" an IdP that is based on Microsoft Geneva. I imported the Information Card that was issued by that server and boom: openinfocard could not handle it. So I fixed this small problem. (Although this fix will lead to a changed internal format of the openinfocard cardstore and will break existing cardstores. Hm. Sorry). Now I try to use the card and boom: the retrieved WS-Metadata is so complex that the openinfocard selector can not handle it; So I fixed this not so small problem and learned a lot about several of the friendly members of the WS-* family...; and of Mozilla’s E4X implementation. This introduces a new level of complexity to the openinfocard code that surely will lead to trouble in the future.

What does this have to do with Kantara? Well, sure the designers of WS-* are not all members of Kantara but the Liberty Alliance Project has created similar complex specifications (This server is down too; in fact it turns out it is the same server
Now consider you want to implement a cool program on a mobile phone and have to use these standards. Good luck with e.g. ID-WSF and e.g. kxml2. Doable, but this takes probably more than half an hour.

So I am sceptical for small, fast, just-doit openFOO groups.

1 comment:

Anonymous said...

Hi Axel - I think Liberty, its corporate stakeholders, and some of the other large firms you mention all recognised that the "big business" approach is not always the best way to crack some of these problems.

A vital aim of Kantara is to provide a much more inclusive, flexible way of working so that small "just do it" groups can indeed bring their projects in, and can benefit from anything useful which the "big fish" have already worked on, but not get tied into a load of inappropriate process and complexity.

If we can make it work, the outcomes should be better for all concerned...