[OpenID board] Connect WG

Chris Messina chris.messina at gmail.com
Sun Jun 6 06:16:14 UTC 2010


On Sat, Jun 5, 2010 at 9:18 PM, Santosh Rajan <santrajan at gmail.com> wrote:

> Hi Chris,
>
> After reading your post below. I have a couple of questions.
>
> 1) Instead of calling, the next version of OpenID, as suggested by you
> earlier "OpenID.Connect". Why don't we call it "OpenID.TWITFACE". That would
> be more appropriate. Do you agree?
>

No, I don't agree.



> 2) Who are you working for? If I remember correctly, you are currently
> employed by Google?
>

I am employed by Google and thus I receive a paycheck from Google.

However, I was elected to serve the OpenID Foundation board by the community
for a two year term.

My role on the board is as an advocate for the community and its interests.
If I were put on the board to fill Google's seat, I would advocate for
Google's position. I hope that members of the OpenID community have the
ability to distinguish between both entities, and when I'm speaking at the
behest of one or the other.

If I can keep these two sets of interests separate — sometimes aligned,
sometimes not — I hope others can as well.

Chris


>
>
>
> On Sat, Jun 5, 2010 at 11:17 PM, Chris Messina <chris.messina at gmail.com> wrote:
>
>> On Sat, Jun 5, 2010 at 7:35 AM, Dick Hardt <dick.hardt at gmail.com> wrote:
>>
>>>
>>> OAuth 2.0 does NOT solve the problems that OpenID was trying to solve. It
>>> is NOT a distributed identity system. If you can make discovery work for
>>> OAuth, then you can make it work for OpenID. OAuth implementations today do
>>> NOT have discovery.
>>>
>>
>> Perhaps standards groups like the OpenID Foundation operate in a slightly
>> different marketplace-twilight zone, but I'm curious how we define our
>> customers — and how that definition should or shouldn't affect the work that
>> gets done.
>>
>> For example, Luke — representing Facebook — is saying that there's not
>> been sufficient adoption of OpenID over the past several years, and for the
>> use cases that I've cared most about, I would agree with that assessment. It
>> is not the case that OpenID hasn't been adopted — but that OpenID simply
>> isn't the only game in town anymore, and that the market demand in the
>> consumer space was unearthed and capitalized on by the likes of Facebook and
>> Twitter, and NOT the many other OpenID providers.
>>
>> Facebook is saying that they want to work through the OpenID Foundation to
>> help develop a technology solution that is more like what the market has
>> already adopted — but that adds in discovery to aid in decentralizing
>> identity, at least in a very primitive way (hence the Connect proposal).
>>
>> Dick, you seem to be saying that OAuth is not a distributed identity
>> system, but that if discovery were defined for it (along with
>> auto-registration of clients), then it would be useful as a distributed
>> identity technology. Am I getting that right?
>>
>> I think the divide here comes down to whether the OIDF should be focused
>> on what the market demands and is willing to adopt *today*, or instead on
>> the set of technologies that may enable distributed identity solutions
>> *tomorrow*.
>>
>> My fear — which has been consistent — is that if we don't respond to the
>> market's desires today (represented by Facebook, Yahoo, and others'
>> comments) then we won't be part of the conversation when potential adopters
>> are looking for better solutions tomorrow.
>>
>> So, if we spin out the Connect proposal — or cause it so much friction
>> that it can't effectively proceed here — then by the time the ill-named
>> v.Next proposal is completed (with all of the "necessary" use cases
>> addressed), the world may have moved on, and the Foundation proven
>> irrelevant. I don't see it as an all-or-nothing situation, but as others
>> have said, there will be an identity piece baked into OAuth sooner than
>> later, and if that work doesn't happen within the OIDF, we're going to be
>> pitching a product that no one has really said that they want, or are
>> currently signing up to implement, based on the lack of clarity in the
>> description of v.Next today, whereas there are already working prototypes of
>> the Connect proposal in the wild.
>>
>> There needs to be a bridge between OpenID 2.0 — which is a perfectly fine
>> solution for many use cases today — and the next iterations of OpenID 2.x
>> and beyond.
>>
>> Chris
>>
>>
>>> -- Dick
>>>
>>> On 2010-06-04, at 11:14 PM, Luke Shepard wrote:
>>>
>>> > We have complained for years in the OpenID community that we don't see
>>> enough adoption. That we don't have a great mobile story. That the spec is
>>> too complicated. That relying parties can't get the attributes they want.
>>> The fact is that most of the major identity providers have adopted or are
>>> planning to adopt OAuth 2.0 largely because it solves many of those
>>> problems.
>>> >
>>> > I believe in OpenID. I believe in the concept of a decentralized
>>> identity. I think the OpenID Foundation, by bringing together myriad
>>> companies and individuals, is in a unique position to really help bring
>>> cohesive, standardized technology - but only if it responds to the realities
>>> of the marketplace.
>>> >
>>> > My main goal is to see the next generation of identity technology
>>> built. A secondary goal is that it is built within the OpenID Foundation. I
>>> don't know what the technology will look like exactly - both Nat's and
>>> David's proposals have merit. I think the best way to figure out the tech is
>>> to implement it, experiment, and try it out in production. I think the wrong
>>> way to make it happen is to bicker over the exact wording of the working
>>> group before it's even started.
>>> >
>>> > As Allen said, this work will happen - must happen. The main question
>>> to the OpenID Foundation is whether it wants to encourage innovation or
>>> drift into irrelevance.
>>> >
>>> > On Jun 4, 2010, at 10:08 PM, Dick Hardt wrote:
>>> >
>>> >> Hi Allen
>>> >>
>>> >> Thanks for the response. My point in this email is that at the end of
>>> the meeting, it was agreed that Connect was not going to be done in the
>>> OIDF, which means the WG proposal would be withdrawn. With you and David
>>> agreeing on the specs council call that Connect should be a WG, that goes
>>> counter to what we had concluded at the meeting.
>>> >>
>>> >> Note that I was not the one to suggest that Connect was not going to
>>> be in the OIDF, but since that was what everyone had agreed to, there was no
>>> point in talking about how it would be done in the OIDF.
>>> >>
>>> >> -- Dick
>>> >>
>>> >>
>>> >> On 2010-06-04, at 8:58 PM, Allen Tom wrote:
>>> >>
>>> >>>
>>> >>> Hi Dick,
>>> >>>
>>> >>> Although I might not have expressed this as strongly as I should have
>>> last Friday, I believe that we should be working on an identity layer for
>>> OAuth2 within the OIDF.
>>> >>>
>>> >>> Yahoo will definitely be implementing this, and I would expect
all other OAuth SPs to do the same. It would definitely simplify things if
>>> we could have a single standard interface that can do everything that OpenID
>>> 2.0 +AX+Hybrid can do today, and also be extensible to be used for future
>>> services and even for OP specific proprietary APIs as well.
>>> >>>
>>> >>> I expect that an OAuth based identity layer would be widely
>>> implemented and far more widely used than OpenID, making OpenID largely
irrelevant. Therefore, I think it's in the OIDF's best interest to back this
initiative.
>>> >>>
>>> >>> However, on Friday, I did get the impression that there is not
sufficient consensus to move forward. If that's still the case, then there's
>>> no point forcing the issue. The work is going to get done either way.
>>> >>>
>>> >>> Hope that clarifies things
>>> >>> Allen
>>> >>>
>>> >>>
>>> >>> On Jun 4, 2010, at 7:24 PM, Dick Hardt <dick.hardt at gmail.com> wrote:
>>> >>>
>>> >>>> David, Chris, Joseph, Allen
>>> >>>>
>>> >>>> When we met last Friday to discuss how Connect and v.Next would work
>>> together, the four of you had agreed that it would be best doing the Connect
>>> work outside the OIDF. I had come to the meeting to talk about how we would
>>> merge or align the efforts, but since there was consensus to do it outside,
>>> we did not discuss.
>>> >>>>
>>> >>>> From actions I have seen today, it seems that there has been a
>>> change since then and that you are planning on working on Connect per the
>>> original charter. As emailed separately, I have concerns with the charter as
>>> drafted.
>>> >>>>
>>> >>>> I am very disappointed that I learn about your change in mind by
>>> seeing postings on public mailing lists.
>>> >>>>
>>> >>>> WTF?
>>> >>>>
>>> >>>> -- Dick
>>> >>
>>> >> _______________________________________________
>>> >> board mailing list
>>> >> board at lists.openid.net
>>> >> http://lists.openid.net/mailman/listinfo/openid-board
>>> >
>>> >
>>>
>>>
>>
>>
>>
>> --
>> Chris Messina
>> Open Web Advocate, Google
>>
>> Personal: http://factoryjoe.com
>> Follow me on Buzz: http://buzz.google.com/chrismessina
>> ...or Twitter: http://twitter.com/chrismessina
>>
>> This email is:   [ ] shareable    [X] ask first   [ ] private
>>
>>
>>
>
>
> --
> http://hi.im/santosh
>
>
>
>
>


-- 
Chris Messina
Open Web Advocate, Google

Personal: http://factoryjoe.com
Follow me on Buzz: http://buzz.google.com/chrismessina
...or Twitter: http://twitter.com/chrismessina

This email is:   [ ] shareable    [X] ask first   [ ] private