Identity and Authentification

Where it is going ??

Various organisation are working on the problem and its solutions. They produce specification draft, Use case studies, they try to attract members who are waiting for a solution to emerge.

Main players: OpenID & OAuth

OpenId is divided in two: OpenID 2.0 and OpenID Connect. It may be a real plus when linked with WebID, but is still experimental. The decentralized aspect is nice, but I am not sure if people are really concerned. Depending entirely on Facebook doesn't seem to bother anyone. So OAuth or even a proprietary Facebook protocol may seriously reduce OpenID success.

OpenID is supported by Google, Microsoft (LiveID = OpenID), and the US Governement (http://www.idmanagement.gov/)

OAuth 2.0 (IETF) looks like the most successful protocol. It can be used to login even if it was not its first goal.

OpenID and OAuth have a good adoption, which is critical for being relevant in the Identity space. 

The US "Federal Identity, Credential, and Access Management" (ICAM) validated OpenID 2.0 and SAML 2.0 as Trust Framework. They provide some good documents.

Experiments: WebID & BrowserID

WebID (W3C)

• takes some idea from Microsoft InfoCard abandoned attempt (after the failed Passport attempt)
• Avoid the hierarchical trust model used to authenticate servers
• could moves toward a Web Of Trust, but does not even mention it.
• Looks like it uses RDF to express Trust relationships ?

BrowserID https://browserid.org/ is a Mozilla Labs experiment with the simplified version of the "Verified Email Protocol". It is very simple and web oriented. It doesn't seems to be very successful so far.

Others ??

Usages

Identity in the Cloud (OASIS) is "just" a long and freightening list of use cases. For those who don't see the problem, it is a good read !

JSR 351 is a work in progress "to define API ... that facilitate the use of identity by applications ..." . It will bring standard Java API to well established standards: OAuth, OpenID ... and also annotations to avoid lookups.

Scala, Typesafe, SBT, IntelliJ IDEA, Specs2, Play, Tests ...

Scala has a great ecosystem evolving from developers needs. 

Everything is not "IDE integrated", but I kind of hope that it will stay this way. I don't like menus that fill up the screen.

As a reminder, here is the path I followed:

1. Go to Typesafe:
   1. Download Scala (the "Typesafe Stack").
   2. Play with the REPL (the console)
   3. Read the free e-book
2. Download SBT, if not already done
   1. Create a project (you just have to follow the quick start)
   2. Configure the SBT project to use the sbt-idea plugin
   3. Run gen-idea to create the IDEA project files.
3. Launch IntelliJ IDEA 
   1. Get the plugins: Scala (and optionnaly SBT, it will only display the SBT console in IntelliJ.)
   2. Open the created SBT project
4. You are already TypeSafe, go to Test or Spec safety also
   1. There is no one true path like JUnit here, you will have to choose
   2. SBT integrates with 3 main players.
   3. I choose to go with Spec². Simply configure SBT to use it.
5. As for the Web frameworks, Lift and Play are kind of associated with Scala
   1. I choose Play 2.0. It is very early and lacking functinonality ! Depending on what you want to do, Play 1 has a more mature Scala Module.

So it is not obvious, but nicely incremental. The starting points are SBT and REPL. From here you choose a IDE and a testing framework.

The rest really depends on your specific needs.