Day one of DrupalCon Barcelona 2007 is over, but my jet lag is not.  I did manage to stay awake for the entire day, but only had time to attend two sessions:

• OpenID: It's in core... now what?   by James Ransom Walker.  

  James is clearly an OpenID advocate and says the risks associated with it are manageable, or at least acceptable.  OpenID has been added to the Drupal 4.7, with updates for 5 and 6 coming soon (I'm not sure whether that's and Iraq pullout-style timetable, or a clever call for volunteers to lend a hand - James did say he could use some help).  This much heralded addition to Drupal gives developers an "out of the box" provider and  relying party status if they want it. It also comes with a new set of concerns for developers whose permutations are myriad: What is the trust model I want to deploy?  What level of protection do my users need from my provider service? As a relying party, what level of authentication do I need from a provider?  How do I choose to providers to accept?   Do I care whether a user's ID is globally unique \*forever\*, or just for now?  The OpenID spec. itself leaves the developer with all of these choices and more.  OpenID's flexibility is both a virtue and a failing.  Maybe someone in the OpenSSO
  community can lend a hand to James and avert the sedimentation of a
  partial solution to an omnipresent problem.  OpenSSO is moving quickly
  to support OpenID provider
  implementations.  It has support for the relevant federation standards,
  and it even has a PHP Client SDK and a PHP library for SAML 2.0 Relying
  Party.  When it comes to Identity Management, I'm not convinced that
  today's "good enough" won't be tomorrow's compliance regulation
  headache or M&A due diligence hiccup.  My vote is for an OpenSSO based identity module for Drupal 5 and 6 rather than an OpenID only module.

• "Enterprise" Drupal  by Ken Rickart.   Ken works for Morris Communications, a very stodgy, family run corporation.  Drupal adoption at Morris would seem a long shot for the traditionalist culture of this media giant.  But with the aid of Ken's obvious leadership and technical skills, Drupal is shaking things up.  If Ken's experience at Morris is any indication, I'd expect we'll hear about more tremors rippling through vaunted institutions and enduring companies triggered by Drupal's "time to market", low cost advantage.  Ken talked about how he rapidly delivered some high value business services to internal users (contract renewal reports) and external media consumers (online editions of local newspapers) with Drupal, demonstrating just how true the "good enough" axiom can be for certain classes of problems, and why that mattered to the big cheese at Morris whose main functions are to manage the bottom line and shake hands with the pros at Augusta National).

I'd better get some sleep.