A few months ago I announced a book project:
I enjoy writing, learning in the open, and teaching. I've also been thinking about writing a book lately. I decided to combine all those things into one project about web authentication and authorization!— Ryan Frantz (@Ryan_Frantz) March 3, 2021
Check out https://t.co/1vDHIAYQVE
Sign up for updates incl book outline.
However, I’m not going to write that book.
Leading up to the announcement, I had been evaluating authentication vendors and sundry solutions in the space. I dove into blog posts and RFCs to achieve a deeper understanding of various standards and protocols so that I could better analyze the available options. At times, it was confusing and I thought that perhaps there was an opportunity to build something useful that demystifies online authentication (and authorization) for software engineers.
So I secured a domain, set up a site on Squarespace, and even created a mailing list on ConvertKit. I drafted a few short posts to get the ball rolling and announced the project.
I got ten folks to sign up. I know all but 2 of those folks.
No matter; I knew I did not have any sort of reputation for the content and I had planned to use some of what I wrote in future short-form blog posts. I drafted an outline and began researching the subject more. I took notes and formed some updated ideas.
Something of Value
Now, several months on, I know that I don’t want to continue this project. There are several reasons:
- I’m just not motivated to write it (I’m only marginally motivated to write this post).
- There is already plenty of content available on the subject.
- I started backwards, launching a project without a strong enough signal that there is any significant demand for it.
- In hindsight, I don’t want to write a book. I want to build an experience that is valuable to folks by directly engaging them in the topic and helping them better internalize it.
That last point is the most salient. Web authentication and authorization are complex. Enterprises may prefer SAML; SaaS companies offer OAuth integration with Twitter and Github; lately Ethereum provides a means of identifying oneself (via ENS). And the current standards are being updated as new attack vectors are discovered.
What I truly want to build is a multimedia learning experience that immerses students in the subject matter. Something that allows folks to stand up their own systems to poke and prod and tinker with.
That’s going to take a lot of time and effort. Right now, I’m simply not motivated to build it.