Tuesday, December 08, 2009

Rest in peace, ExtremeSwank OpenID and OAuth

ExtremeSwankOpenID and ExtremeSwankOAuth, both libraries authored by John Ehn, have been discontinued according to the project sites respective home pages which have a new note that reads: “Note: This … Consumer is no longer in development.”

ExtremeSwankOpenID was stagnant in development lately, and when a recent OpenID vulnerability was identified as impacting the ExtremeSwankOpenID library due to a hidden “feature” in the .NET Framework’s handling of HTTP responses, it appears the library was retired rather than fixed.  This library was one of only two OpenID implementations written in .NET that were recognized in many OpenID circles.  It also touted a unique feature (which I never investigated personally) of allowing desktop applications to use OpenID to authenticate their users.

ExtremeSwankOAuth is one of many .NET OAuth implementations, and the reasoning for its retirement is less clear.

Notwithstanding ExtremeSwankOpenID’s recent lack of development, it was ironically John’s library that was under active development and supported OpenID 2.0 while a very early version of DotNetOpenId wasn’t being developed and only supported OpenID 1.1.  It was seeing DotNetOpenId’s own users switch to John’s library that motivated me to re-engage development of DotNetOpenId, now rechristened DotNetOpenAuth, which is now the only OpenID implementation for .NET that I know of – and a dang good one too if I may say so.

Although I did not know John personally, I’ve shared a few emails with him and he seemed a courteous and motivated programmer.  I wish him well on his future pursuits.

No comments:

Post a Comment