OpenID

User-Centric Technologies

User-Centric Identity within Identity Federations.

  • $Id: gn3-usercentric-technologies.txt 179 2009-11-12 11:11:41Z andreas $
  • Author: Licia Florio florio@terena.org

Introduction

Managing authentication and authorisation mechanisms is quite a complex task. In the academic community this task becomes particularly challenging as researchers, lecturers and students often move between institutions and departments and collaborative projects require users to share their resources. These changes not only affect the individuals concerned, but also their roles within the institutions, which have to be taken into account. It is therefore important to be able to keep track of, and handle the changes that continuously take place.

The mapping of users to electronic identities is a strategic element in any organisation, since it constitutes the basis for the access to institutional data and IT services. This process is known as Identity Management.

In recent years...

Identity Discovery Usability

JISC and Bob 'RL' Morgan initiated a discussion on IdP discovery usability that inspired me to try to summarize my thoughts on the topic.

What is bad today? - Examples from real life

UK Access Federation

In a UK federated service, you would need to know that you must click Shibboleth login (notice: the name of a piece of software) in order to get to a discovery service. An SP-specific IdP Discovery Service in the UK Access Federation today will present you with a drop-down box of approximately 750 entries listing universities. It takes quite some time for a browser to scroll to the bottom. When the user goes to the next SP, he/she is blessed with the wonderful SSO experience of simple login, but before that happens, the user is presented with the same question and the same 750-entry-long drop-down list.

Question or answer?

When a Danish user goes to a Kalmar Union service and is presented with an IdP Discovery Service asking something along the lines of "Where are you from?".

Feide OpenIdP gets OpenID support

If you have created an account on the Feide OpenIdP, you may now use that account to log in to any OpenID site. You may also set up your blog to point to OpenIdP for authentication; then you will get your blog URL as an OpenID, and you will be asked for your username and password on Feide OpenIdP.

Re-written modularized OpenID Provider Code Available in SimpleSAMLphp

A long time ago, simpleSAMLphp contained both an OpenID Consumer and an OpenID Provider, back in the days when simpleSAMLphp was not modularized.

Then, there was a major upgrade of the OpenID Consumer part, where the code was modularized and updated. The Provider part then disappeared...

Now, Olav has brought back the OpenID Provider, in a freshly re-written, modularized form.

The code is available in subversion, and will be part of the 1.5 release later this month. Please start testing it and report any problems.

Maybe it is time for us to re-launch our experimental Feide OpenID Service?

OpenID Provider Documentation

Documentation on the openidProvider module in simpleSAMLphp.

simpleSAMLphp can act as an OpenID provider. This allows you to integrate OpenID into an existing IdP, or to add a bridge between OpenID and SAML 2.0.

To use it, you need to enable the OpenID provider module:

touch modules/openidProvider/enable

You must also edit the configuration file:

cp modules/openidProvider/config-template/module_openidProvider.php config/
"$EDITOR" config/module_openidProvider.php

Options

The following options must be set in the configuration file:

auth
The authentication source that should be used to authenticate users who access the OpenID endpoint. This can be any authentication source configured in config/authsources.php.

To configure this as a bridge, set up a saml authentication source, and use that one.

username_attribute
The name of the attribute that contains the username of the user.
filestore
A path to a directory where the OpenID provider can...

OpenID Federations

If I had to design an Identity Federation entirely based upon OpenID, how would I approach that?

  • $Id: openidfederation.txt 140 2009-09-28 09:23:38Z andreas $

Introduction

If I had to design an Identity Federation entirely based upon OpenID, how would I approach that?

I would need the following components:

  • OpenID Extension: UserID Expansion
  • Scoping
  • Whitelist URLs

OpenID Extension: UserID Expansion

I don't think that the current user experience with entering your own URL is a very good one, so I would propose this:

The OpenID Consumer would as usual ask the user to enter his/her OpenID.

If the Consumer recognises that the OpenID contains an '@' and the format satisfies LocalUserID@realm.tld, the Consumer would expand the UserID to:

https://openid.realm.tld/LocalUserID

Then the Consumer continues with normal OpenID operations using this OpenID.

Detailed expansion rules

$LocalUserID$ is the part before the '@', and $realm$ is the...
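As an added worked example (not code from this post or from simpleSAMLphp), here is a small Python implementation of the expansion rule described above: the Consumer splits the entered identifier at the '@', checks that it has the LocalUserID@realm.tld shape, and rewrites it to https://openid.realm.tld/LocalUserID; anything else is passed through to normal OpenID discovery unchanged. It goes slightly beyond the text: the hostname and local-part syntax checks, the lower-casing of the realm, and the optional trusted_realms allow-list (standing in for the "Whitelist URLs" component, whose rules the post does not spell out) are my assumptions, chosen so that a Consumer never builds an endpoint URL out of an arbitrary string.

```python
import re
from typing import Iterable, Optional

# Assumption: a Consumer-side allow-list of realms whose OpenID endpoints this
# Consumer trusts. The post lists "Whitelist URLs" as a component but gives no
# rules, so this set is constructed for the example.
TRUSTED_REALMS = {"realm.tld", "example.org"}

# Assumption: the realm must look like a DNS hostname with at least one dot
# (RFC 1123-style labels: letters, digits, hyphens, no leading/trailing hyphen),
# and the local part is restricted to URL-safe unreserved characters, so the
# expanded URL is built only from characters that cannot change its structure.
_REALM_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)+$"
)
_LOCAL_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def expand_userid(identifier: str,
                  trusted_realms: Optional[Iterable[str]] = None) -> Optional[str]:
    """Expand LocalUserID@realm.tld to https://openid.realm.tld/LocalUserID.

    Returns None when the identifier is not a scoped user ID of that shape
    (including plain OpenID URLs, which may legitimately contain an '@' in
    their userinfo part), or when the realm is not in the allow-list.
    """
    if identifier.count("@") != 1:
        return None
    local, realm = identifier.split("@")
    realm = realm.lower()  # assumption: DNS names compare case-insensitively
    if not _LOCAL_RE.fullmatch(local) or not _REALM_RE.fullmatch(realm):
        return None
    if trusted_realms is not None and realm not in set(trusted_realms):
        return None
    return f"https://openid.{realm}/{local}"


def resolve_openid(user_input: str,
                   trusted_realms: Optional[Iterable[str]] = None) -> str:
    """What the Consumer hands to normal OpenID discovery.

    A recognised scoped identifier is expanded; everything else (ordinary
    OpenID URLs, malformed or untrusted scoped IDs) is passed through as the
    user typed it, so discovery fails in the usual way rather than hitting a
    Consumer-invented endpoint.
    """
    user_input = user_input.strip()
    expanded = expand_userid(user_input, trusted_realms)
    return expanded if expanded is not None else user_input


if __name__ == "__main__":
    # Constructed sample inputs a Consumer might receive.
    for entered in ("andreas@realm.tld", "andreas@Realm.TLD",
                    "https://example.org/andreas", "https://user@host.example/",
                    "andreas@other.org"):
        print(f"{entered!r:35} -> {resolve_openid(entered, TRUSTED_REALMS)!r}")
```

Passing trusted_realms=None disables the allow-list, which is the behaviour the post's two sentences describe on their own; with the allow-list enabled, a scoped identifier for an unknown realm falls through to ordinary discovery of the literal string rather than producing an https://openid.<realm>/ URL.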

Experimental OpenID Consumer Support Added

SimpleSAMLphp now has experimental support for an OpenID Consumer. Check out the latest version from trunk and enable the openid module to test it.

OpenID Consumer Soon Ready

OpenID Consumer support is being worked on, and will soon be ready for testing. The JanRain OpenID library included with simpleSAMLphp is now upgraded to the latest 2.x version.

OpenID Provider fixed in simpleSAMLphp

Unfortunately the OpenID Provider part of simpleSAMLphp has not been maintained, and did not work.

I've fixed it. But still, this part is in beta status. I have plans to add support for OpenID Consumer very soon, as well as to upgrade to the latest JanRain library to support OpenID version 2.0.

My new name is =andreas

I figured out I had to take a bit more part in the OpenID community to see what's up. The first thing I realized was that I was missing something fundamental: an i-name.

So I went out shopping (yes, i-names cost money). Being a Mac user, I went for the i-broker (I think it is called that) with the roundest edges and most vivid colours: equalsyou.com.

Now =andreas is my new name, and I'll try to figure out what I can do with it. I understand I have to understand how URI becomes IRI becomes XRI and how these are described with XRDS documents exchanged with XDI somehow, and that it solves all possible problems with identities and identifiers. Now, I need to get some sleep.