This weekend Six Apart will be hosting the first OpenIDDevCamp which is inspired by BarCamp, SuperHappyDevHouse, iPhoneDevCamp and MacHack, to develop web-based applications that use OpenID. It is a non-commercial event, organized by volunteers, with attendance free to all. By the completion of the weekend event we want to OpenID-enable many public web sites as well as grow the ranks of the OpenID community. The event will be held at the San Francisco offices of Six Apart, and out-of-town guests are certainly welcome.

Attendees will include web designers, developers and testers all working together over the weekend to enable OpenID on their sites or just learn more about this technology. Bonus points go to folks who can help make OpenID more accessible to general users. Development projects will include both solo and team efforts. While some attendees will wish to work solo during the event, we encourage attendees to team up, based on expertise, to work in ad-hoc project development teams. All attendees should be prepared to work on a development project during the event.

If you’re already in San Francisco or will be coming into town for MacWorld, want to learn more about OpenID, you should definitely drop by.  Please RSVP for OpenIDDevCamp on Upcoming.  Maybe you’ll even find out from Yahoo! what is going on with OpenID tags on Flickr?

Its taken us months of effort but I’m happy to announce that the OpenID Foundation has finalized its intellectual property policy and process. During the 12/13/2007 OpenID Foundation board meeting, we approved the IP policy and process documents.

The gist of this means that we have a process in place that will help the OpenID community to continue to thrive in its efforts. The intellectual property policy helps define how and who can contribute to the project as well as laying out ways to protect those that use the technology.

Huge thanks go out to everyone involved (in no particular order): David Recordon, Bill Washburn, Mike Jones, Kim Cameron, David Daggett, Dick Hardt, Johannes Ernst, Gabe Wachob, Drummond Reed, Martin Atkins and Artur Bergman. There are others I’m sure and I apologize profusely for missing you. We couldn’t have done this without everybody getting behind this effort and I’m really excited what this means for broader adoption of OpenID in 2008.

While its certainly been a long process in the making, we’re now quite excited to announce OpenID Authentication 2.0 and OpenID Attribute Exchange 1.0 as final specifications (”OpenID 2.0″). This morning was the closing day of the Internet Identity Workshop and David Recordon, Dick Hardt, and Josh Hoyt (three of the authors and editors) made the announcement during the first session. Both specifications have evolved through extensive community participation and feedback and each have been stable for a number of months. There are already a variety of open source libraries shipping these specifications with product support including Google’s Blogger (via Sxip’s library) and Drupal who did their own implementation of the specifications. Multiple OpenID Providers including MyOpenID, Sxipper, and VeriSign’s PIP already have support for both of these specifications. Given past trends, growing support of OpenID 2.0 should be no different. Today the following libraries exist which implement OpenID Authentication 1.1 and 2.0, OpenID Attribute Exchange 1.0, and OpenID Simple Registration 1.0:

• JanRain PHP
• Zend PHP
• JanRain Python
• Sxip Java
• VeriSign Java
• JanRain Ruby

As part of the IPR work over the past few months we’ve collected non-assertion agreements from contributors to both of these specifications as well as all past specifications. These agreements are a way for contributors (and others) to formally declare that they will not assert any patent rights against OpenID implementations. You can learn more about the IPR work underway at http://openid.net/foundation/intellectual-property/.

It’s important to remember that this has been the work of many folks not only within the OpenID community but also the OpenID Foundation, AOL, Cordance, JanRain, Microsoft, NetMesh, Six Apart, Sxip, Sun Microsystems, Symantec, Verisign and Yahoo!. Microsoft was instrumental in helping with legal support and guidance combined with the insight of Sun and Yahoo! with their joint work in developing the right language. This is great news as it means that today not only is OpenID 2.0 final, but all of the contributors have sent a strong message that OpenID must be freely implementable world-wide.

We certainly invite you to come and join the conversation and the community on general@openid.net.

As a great way to lead into the Internet Identity Workshop this week in Mountain View CA, both Microsoft and Google shipped OpenID features in beta products this past Friday. Microsoft Research announced an experimental Provider while Google announced the ability to comment on Blogger blogs using OpenID.

As some backstory, this past February at the RSA Conference Bill Gates and Craig Mundie announced Microsoft’s support of OpenID 2.0. (See Read/WriteWeb’s coverage…they’re the first result on Google) Since that time there has been a lot of great progress made which culminates with a posting by Kim Cameron’s (Microsoft’s Lead Identity Architect). In addition to being able to authenticate to MyOpenID.com and VeriSign’s PIP using CardSpace, the promise to develop a specification which conveys stronger authentication was used has seen its second (quite stable) draft. We’re very quickly getting to a world where OpenID can be used to move around the web, CardSpace (or other technologies such as tokens) can be used to authenticate to your OpenID Provider, and the Relying Party can find out that you didn’t use a password at all. In addition to this technological work, Microsoft has been incredibly involved in helping the OpenID Community develop an IPR Policy and Process that can be used moving forward to ensure that future specifications are not patent encumbered. You can learn more about the IPR work underway at http://openid.net/foundation/intellectual-property/.

Up until Friday little had been heard from Google in regards to OpenID support. The Blogger Beta has a very clear interface for both enabling and commenting with OpenID. Additionally as the Blogger team is using the OpenID4Java library mainly developed by Sxip Identity, they should have support for OpenID 2.0 as well. Google has also announced that work is underway to have Blogger operate as an OpenID Provider as well. Many others have written about the Blogger announcement too.

All in all, an extremely great way to finish the week before IIW!

We’ve just published Draft 2 of the OpenID Provider Assertion Policy Extension which replaces Draft 1 from July of this year. This draft adds clarifications to the spec and builds on implementation experiences from JanRain, Sxip, and VeriSign. The main goal of PAPE is to allow OpenID Relying Parties the ability to request and be informed of the use of stronger and phishing-resistant authentication mechanisms. If you’re working with authentication mechanisms beyond just username and password with OpenID, we definitely recommend you take a look at PAPE.

From the abstract:

This extension to the OpenID Authentication protocol provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User. This extension also provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant or multi-factor authentication method.

This extension is not intended to provide all information regarding the quality of an OpenID Authentication assertion. Rather, it is designed to be balanced with information the Relying Party already has with regard to the OpenID Provider and the level of trust it places in it. If additional information is needed about processes such as new End User enrollment on the OpenID Provider, such information should either be transmitted out-of-band or in other extensions such as OpenID Attribute Exchange. Other aspects (e.g. security characteristics, credential provisioning, etc) could be dealt with in the future, though End User privacy concerns must be kept in mind especially when discussing enrollment procedures.

Scott Kveton and I have spent today out in the sunny Tulsa, Oklahoma offices of Vidoop working with their team on a gigantic update to OpenID.net. As you can see, we’ve touched just about every part of the site. The theme is upgraded, content reorganized and rewritten, no longer using a theme system from before the bubble, and a lot of other new tweaks.

As always, the website is an evolving work in progress maintained by the OpenID community. If you’re interested in contributing, or have feedback, join the marketing@openid.net mailing list where the community discusses marketing and evangelism for OpenID. All in all, thanks to everyone who has worked on the new site, I know I’m really excited to see it one step closer to completion!