While its certainly been a long process in the making, we’re now quite excited to announce OpenID Authentication 2.0 and OpenID Attribute Exchange 1.0 as final specifications (“OpenID 2.0”). This morning was the closing day of the Internet Identity Workshop and David Recordon, Dick Hardt, and Josh Hoyt (three of the authors and editors) made the announcement during the first session. Both specifications have evolved through extensive community participation and feedback and each have been stable for a number of months. There are already a variety of open source libraries shipping these specifications with product support including Google’s Blogger (via Sxip’s library) and Drupal who did their own implementation of the specifications. Multiple OpenID Providers including MyOpenID, Sxipper, and VeriSign’s PIP already have support for both of these specifications. Given past trends, growing support of OpenID 2.0 should be no different. Today the following libraries exist which implement OpenID Authentication 1.1 and 2.0, OpenID Attribute Exchange 1.0, and OpenID Simple Registration 1.0:
As part of the IPR work over the past few months we’ve collected non-assertion agreements from contributors to both of these specifications as well as all past specifications. These agreements are a way for contributors (and others) to formally declare that they will not assert any patent rights against OpenID implementations. You can learn more about the IPR work underway at http://openid.net/foundation/intellectual-property/.
It’s important to remember that this has been the work of many folks not only within the OpenID community but also the OpenID Foundation, AOL, Cordance, JanRain, Microsoft, NetMesh, Six Apart, Sxip, Sun Microsystems, Symantec, Verisign and Yahoo!. Microsoft was instrumental in helping with legal support and guidance combined with the insight of Sun and Yahoo! with their joint work in developing the right language. This is great news as it means that today not only is OpenID 2.0 final, but all of the contributors have sent a strong message that OpenID must be freely implementable world-wide.
We certainly invite you to come and join the conversation and the community on firstname.lastname@example.org.