As a first step, we are creating an IdP exclusively for Sun employees. What is the rationale for this, especially since there is an ever growing number of OpenID IdPs available for anybody to sign up? In principal, there is – obviously – no difference. However, the big difference is that by creating an IdP at sun.com and creating a process and policies around account this IdP, we create a trust base for relying parties: anyone accepting a sun.com OpenID authentication is assured that the holder is a Sun employee. This knowledge can be applied to customize the user experience to the Sun employee (e.g. for a special discount).
This IdP is implemented as an extension to OpenSSO/Sun Access Manager. By putting the OpenID protocol on this proven platform, we can simply extend this reliable and secure platform to new set of clients and relying parties, while offering SAML/Liberty federation and authentication from a single IdP. Today, OpenID is still simply another access protocol for relying parties, but going forward combination of OpenID with the power and capabilities of SAML will enable a variety of interesting applications. The extension is also available for OpenDS.
Over the next couple of months, we will release a number of new services and ideas around OpenID. One of the more interesting areas (I think) will be convergence and interoperability. Stay tuned!
Finally, on a personal note: I really enjoyed working with everybody on this project. Given the little time and resources I think we really got this done right.