Saturday, March 01, 2008

DotNetOpenId: What's coming

I've been contributing heavily to the open source DotNetOpenId project for the past few weeks.  It's been pretty stagnant for the past year or so and people were complaining.  I had some vested interest in the project as I had previously contributed my ASP.NET OpenID login controls to the library, so I thought I'd start work on it again.

We now have an updated project roadmap and a document of significant differences between versions.

I added several requested features and bug fixes to a recent 0.1.1 release.  Much more exciting will be the upcoming 0.1.2 release because it will enable sites that run with partial trust (shared hosting) to use DotNetOpenId, and the requirement for using session state is gone. 

But what's really exciting...

But what's really exciting (for me) is that in addition to these important enhancements, the 0.2 version of the library is taking shape.  We've long planned to refactor the library after it was ported from its python->boo->C# heritage.  There were dozens of classes and several namespaces and I cannot imagine anyone using the library without copying and pasting huge blocks of code from the sample web sites that were also provided.  One of my primary goals in refactoring the library has been to change that.  Although we will of course still provide sample web sites, the amount of code that a site must hand-write has been cut down dramatically.  And there are only a few public classes left, so discovering how the library works using nothing but Intellisense becomes more likely and easier.

Along with all this refactoring comes better support for OpenID extensions.  Version 0.1 already supported simple registration (sreg), but beyond that using any custom extensions was too difficult.  In 0.2 not only are all custom extensions very easy to install and use, but the library itself uses that mechanism for the simple registration extension that comes with the library, so you know it's gotta be good.

Unfortunately, almost everything was 'public' in the 0.1 library, so with this refactoring almost everything that was there--correction: everything that was there is not there any longer.  The namespaces have all either changed or disappeared from public exposure.  The individual changes are too many to list, and it would bore you anyway.  Just download the new 0.2 version (when it is released, or you can get the sources from trunk now) and explore the new stuff.  Anyone who is already using the 0.1 library is in for a potentially rough upgrade path unfortunately, but the new library is so much easier (to use and to maintain) that I think the effort will be worth it.

So what about OpenID 2.0?

The library, including version 0.2, will only support OpenID 1.1.  OpenID 2.0 is a significant step up and we're going to add support for that in what we're calling version 0.3 of DotNetOpenId.  It looks like much of the code to support OpenID 2.0 has been in the library since its earliest versions, but it hasn't been 'turned on', and probably has some more work to be done before that. 

What else is happening?

Well we discovered a few security problems with the library that have been fixed in trunk and some have already been ported to the 0.1 branch.  We have tons of unit tests to write both to verify that correct behavior continues and to look for more bugs.  Our testing right now consists of a dozen small unit tests and ad-hoc testing against this or that OpenID provider, and usually it's limited to testing our own consumer against our own provider, so there's room for improvement there.

Will the current rate of development continue?

Not if I am the only one to have anything to do with it.  I've spent such a huge amount of my 'spare' time working on this the past several weeks that it has been unhealthy for my family and personal life.  Although I've loved working on it, and I plan to continue, once most of the 0.2 work has been done I plan to slow way down.  Maybe write a bunch of unit tests over a period of months.  And of course keep fixing bugs as people file them.

1 comment:

  1. Anonymous8:32 PM

    This is Great. Thank you for doing this. I would love to support OpenID so I will be watching closely.

    ReplyDelete