Monday, March 31, 2008

DotNetOpenId 1.0 released today, 2.0 beta also released

DotNetOpenId 1.0 RTW

The culmination of a great deal of work in refactoring, bug fixing and enhancements can be found in the latest .NET implementation of the OpenId library known as DotNetOpenId v1.0.  It is free and released under the New BSD license, so give it a try!

Highlights of the new version can be found on the project's VersionChanges wiki page, but in short it's much simpler (much smaller public API surface), safer, more extensible, and much better tested.

The huge refactoring job makes it have some breaking changes for upgraders from a previous version, but it should be worth the effort. We're targeting to have 0 breaking changes between our 1.0 and 2.0 releases.

DotNetOpenId 2.0 Beta

Want OpenId 2.0 support?  Try the DotNetOpenId 2.0 beta, also released today and should be officially released as 2.0 RTW shortly.  I'd love to hear about your experience.

While you should watch the VersionChanges page for an up-to-date list, here are some of the major features already in or scheduled for the 2.0 release:

The OpenId 2.0 spec is a huge improvement in usability and security over the 1.x versions, and I'm very pleased that DotNetOpenId now supports it.

How to get started

Whether you download the source or the releases from the Downloads page, you will get a sample Provider web site and a sample Relying Party web site that should make learning how to add OpenId support to your own web sites using this library very easy.  Adding support for your visitors to log in using OpenId couldn't be easier: drop in an OpenIdLogin control from the library on your page and you're done.  There are certainly many ways you can enhance it after that, but it's really that easy.

I've personally contributed a lot of time and effort to this library, and I would love to hear from you if you like it, or have suggestions on how to enhance it.

Saturday, March 01, 2008

DotNetOpenId: What's coming

I've been contributing heavily to the open source DotNetOpenId project for the past few weeks.  It's been pretty stagnant for the past year or so and people were complaining.  I had some vested interest in the project as I had previously contributed my ASP.NET OpenID login controls to the library, so I thought I'd start work on it again.

We now have an updated project roadmap and a document of significant differences between versions.

I added several requested features and bug fixes to a recent 0.1.1 release.  Much more exciting will be the upcoming 0.1.2 release because it will enable sites that run with partial trust (shared hosting) to use DotNetOpenId, and the requirement for using session state is gone. 

But what's really exciting...

But what's really exciting (for me) is that in addition to these important enhancements, the 0.2 version of the library is taking shape.  We've long planned to refactor the library after it was ported from its python->boo->C# heritage.  There were dozens of classes and several namespaces and I cannot imagine anyone using the library without copying and pasting huge blocks of code from the sample web sites that were also provided.  One of my primary goals in refactoring the library has been to change that.  Although we will of course still provide sample web sites, the amount of code that a site must hand-write has been cut down dramatically.  And there are only a few public classes left, so discovering how the library works using nothing but Intellisense becomes more likely and easier.

Along with all this refactoring comes better support for OpenID extensions.  Version 0.1 already supported simple registration (sreg), but beyond that using any custom extensions was too difficult.  In 0.2 not only are all custom extensions very easy to install and use, but the library itself uses that mechanism for the simple registration extension that comes with the library, so you know it's gotta be good.

Unfortunately, almost everything was 'public' in the 0.1 library, so with this refactoring almost everything that was there--correction: everything that was there is not there any longer.  The namespaces have all either changed or disappeared from public exposure.  The individual changes are too many to list, and it would bore you anyway.  Just download the new 0.2 version (when it is released, or you can get the sources from trunk now) and explore the new stuff.  Anyone who is already using the 0.1 library is in for a potentially rough upgrade path unfortunately, but the new library is so much easier (to use and to maintain) that I think the effort will be worth it.

So what about OpenID 2.0?

The library, including version 0.2, will only support OpenID 1.1.  OpenID 2.0 is a significant step up and we're going to add support for that in what we're calling version 0.3 of DotNetOpenId.  It looks like much of the code to support OpenID 2.0 has been in the library since its earliest versions, but it hasn't been 'turned on', and probably has some more work to be done before that. 

What else is happening?

Well we discovered a few security problems with the library that have been fixed in trunk and some have already been ported to the 0.1 branch.  We have tons of unit tests to write both to verify that correct behavior continues and to look for more bugs.  Our testing right now consists of a dozen small unit tests and ad-hoc testing against this or that OpenID provider, and usually it's limited to testing our own consumer against our own provider, so there's room for improvement there.

Will the current rate of development continue?

Not if I am the only one to have anything to do with it.  I've spent such a huge amount of my 'spare' time working on this the past several weeks that it has been unhealthy for my family and personal life.  Although I've loved working on it, and I plan to continue, once most of the 0.2 work has been done I plan to slow way down.  Maybe write a bunch of unit tests over a period of months.  And of course keep fixing bugs as people file them.