Sep 19 2007

This is the first of a series of posts on Sun Microsystems’ OpenID@Work service, which is an OpenID Identity Provider available for use by Sun employees.

[Update: I was asked what the purpose of these postings is – it’s simply to share our experiences in the hope that they’re helpful to others.]

I was part of the team that put up the OpenID Identity Provider. I wrote a lot of the pages, revamped Sun’s default style sheet to work with the HTML I wanted on the pages, and took part in all the discussions about policies and security. I’m also the “data steward” for the IdP, responsible for ensuring that our policies regarding data privacy are carried out. Given that range of tasks in the project, it’s no surprise that when we divvied up the areas for blogging, I picked the policy questions, and other people on the team will blog about other areas. We’ll be cross-linking to each other’s posts, of course. For example, here’s Gerry’s introduction.

One of the good things about working for Sun is that there are a lot of people with relevant expertise, who also understand the need to be flexible. We spent a lot of time discussing the user policy with the people in the Chief Privacy Office (who also let me write it in language people can understand), we had security experts review not only the deployment but also the OpenID specification (they’ll be blogging more on those aspects themselves), and on the technical side many people went out of their way to help. As an example, I spent most of one weekend trying to figure out a weird MIME type problem with the web server with Murthy Chintalapati (aka cvr), him emailing “try this”, me emailing back “nope, didn’t work” until we eventually solved the problem. In this series I’m going to be talking about a few of the issues we discussed, and how we resolved them. This is not to say we came up with perfect solutions, or that they are necessarily applicable to other companies or circumstances, but at the very least they will give you things to think about if you’re considering a similar project.

We were heavily influenced by Sun’s experience with blogging, to the extent that many of our discussions about “should we do this” were answered by “ did it successfully and here’s how”. The similarity between the user policy documents is no coincidence, for example.

If you’re looking for technical documentation on Sun’s OpenID system, try Hubert Le Van Gong’s infrastructure description and OpenID @ Work – Architecture.
