In my bitchier moments I have been heard to say… “OpenID; brought to you by people who didn’t want to read the SAML spec”. I truly believe that the process of enhancing OpenID from supporting its original use cases to supporting a wide range of internet scale activities of varying values will eventually see OpenID evolve to be a fully compliant SAML definable profile.
So I have been asking myself: why has OpenID grabbed so much popularity while SAML, a much more mature, academically respected, ‘robust’ specification, has been largely ignored by the cutting edge web 2.0 community? An image came to me that I think might be profound, at least for me, and this blog seems like as good a place as any for me to try to get it out of my head.
I’m imagining a perfectly planned city… you bring together the best minds in social and urban planning and have them design and build the perfect city. Then you ask people to move to it… it’s big and empty and impersonal, its very perfection is off-putting and intimidating. Meanwhile, just down the street there is a collection of mud huts with lots of people milling about, drinking beer and having fun. People are flocking to the village and it’s growing rapidly. The urban planners that built the city say: but don’t you see, you will need all the infrastructure that we have built in order to continue to thrive as a community, you’ll need police, medical and fire services, you’ll need schools and water pumping stations. But still people flock to the village to be part of growing something new and exciting. The villagers say: if we need police, someone will step up and become a policeman, if there’s a fire we’ll get together and put it out. The inevitable outcome of the growth of the village seems to be a less well planned version of the planned city. It will, by inevitability, have many of the same features, some less well executed and some surprisingly better than the planned city.
To me, and maybe it’s just me, I know I would much rather be part of the village than move into the city. I might not want to re-invent the wheel, but internet identity is a large, complex and subtle system, like a city; it isn’t a wheel. Internet identity is going to have very organic qualities… I’m wondering if the growth, the evolution of the organic system isn’t the magic source that will actually humanize internet identity… I think it might be necessary that we start with simple organisms that can evolve, branch and each branch succeed or fail based on their efficacy in their ever changing environment. If two teams of engineers looked out over an early version of Earth’s ecosystem and one designed ‘the perfect organism’ and the other designed an amoeba capable of rapid reproduction and innovation, which would you bet on for long-term survival?
I’m not saying that the SAML community isn’t also receptive, open, innovating and evolving, they are. I repeat my original statement that I do think that SAML is more mature and ‘robust’ than OpenID… I’m simply trying to understand the juju that OpenID has (at least in my opinion).