[OpenID board] Connect WG

Santosh Rajan santrajan at gmail.com
Sun Jun 6 08:50:38 UTC 2010


Questions/answers inline

On Sun, Jun 6, 2010 at 11:46 AM, Chris Messina <chris.messina at gmail.com>wrote:

>
> On Sat, Jun 5, 2010 at 9:18 PM, Santosh Rajan <santrajan at gmail.com> wrote:
>
>> Hi Chris,
>>
>> After reading your post below. I have a couple of questions.
>>
>> 1) Instead of calling, the next version of OpenID, as suggested by you
>> earlier "OpenID.Connect". Why don't we call it "OpenID.TWITFACE". That would
>> be more appropriate. Do you agree?
>>
>
> No, I don't agree.
>


I am glad you don't agree. We are both in agreement on this one point.




>
>
>
>> 2) Who are you working for? If I remember correctly, you are currently
>> employed by Google?
>>
>
> I am employed by Google and thus I receive a paycheck from Google.
>

Great! Now that you are discussing your paycheck in public, What Good Have
you done for Google?





>
> However, I was elected to serve the OpenID Foundation board by the
> community for a two year term.
>

Right! So did those people who voted for you, know that you were going to
join Google before those 2 years were up? No they didn't!. So don';t talk
about this any more!





>
> My role on the board is as an advocate for the community and its interests.
> If I were put on the board to fill Google's seat, I would advocate for
> Google's position. I hope that members of the OpenID community have the
> ability to distinguish between both entities, and when I'm speaking at the
> behest of one or the other.
>


Do we have to take this kind of "neither here nor there nonsense anymore?"



>
> If I can keep these two sets of interests separate — sometimes aligned,
> sometimes not — I hope others can as well.
>


Yeah right! "Your others have already gone into hiding!"




>
> Chris
>
>
>>
>>
>>
>> On Sat, Jun 5, 2010 at 11:17 PM, Chris Messina <chris.messina at gmail.com>wrote:
>>
>>> On Sat, Jun 5, 2010 at 7:35 AM, Dick Hardt <dick.hardt at gmail.com> wrote:
>>>
>>>>
>>>> OAuth 2.0 does NOT solve the problems that OpenID was trying to solve.
>>>> It is NOT a distributed identity system. If you can make discovery work for
>>>> OAuth, then you can make it work for OpenID. OAuth implementations today do
>>>> NOT have discovery.
>>>>
>>>
>>> Perhaps standards groups like the OpenID Foundation operate in a slightly
>>> different marketplace-twilight zone, but I'm curious how we define our
>>> customers — and how that definition should or shouldn't affect the work that
>>> gets done.
>>>
>>> For example, Luke — representing Facebook — is saying that there's not
>>> been sufficient adoption of OpenID over the past several years, and for the
>>> use cases that I've cared most about, I would agree with that assessment. It
>>> is not the case that OpenID hasn't been adopted — but that OpenID simply
>>> isn't the only game in town anymore, and that the market demand in the
>>> consumer space was unearthed and capitalized on by the likes of Facebook and
>>> Twitter, and NOT the many other OpenID providers.
>>>
>>> Facebook is saying that they want to work through the OpenID Foundation
>>> to help develop a technology solution that is more like what the market has
>>> already adopted — but that adds in discovery to aid in decentralizing
>>> identity, at least in a very primitive way (hence the Connect proposal).
>>>
>>> Dick, you seem to be saying that OAuth is not a distributed identity
>>> system, but that if discovery were defined for it (along with
>>> auto-registration of clients), then it would be useful as a distributed
>>> identity technology. Am I getting that right?
>>>
>>> I think the divide here comes down to whether the OIDF should be focused
>>> on what the market demands and is willing to adopt *today*, or instead on
>>> the set of technologies that may enable distributed identity solutions
>>> *tomorrow*.
>>>
>>> My fear — which has been consistent — is that if we don't respond to the
>>> market's desires today (represented by Facebook, Yahoo, and other's
>>> comments) then we won't be part of the conversation when potential adopters
>>> are looking for better solutions tomorrow.
>>>
>>> So, if we spin out the Connect proposal — or cause it so much friction
>>> that it can't effectively proceed here — then by the time the ill-named
>>> v.Next proposal is completed (with all of the "necessary" use cases
>>> addressed), the world may have moved on, and the Foundation proven
>>> irrelevant. I don't see it as an all-or-nothing situation, but as others
>>> have said, there will be an identity piece baked into OAuth sooner than
>>> later, and if that  work doesn't happen within the OIDF, we're going to be
>>> pitching a product that no one has really said that they want, or are
>>> currently signing up to implement, based on the lack of clarity in the
>>> description of v.Next today, whereas there are already working prototypes of
>>> the Connect proposal in the wild.
>>>
>>> There needs to be a bridge between OpenID 2.0 — which is a perfectly fine
>>> solution for many use cases today — and the next iterations of OpenID 2.x
>>> and beyond.
>>>
>>> Chris
>>>
>>>
>>>> -- Dick
>>>>
>>>> On 2010-06-04, at 11:14 PM, Luke Shepard wrote:
>>>>
>>>> > We have complained for years in the OpenID community that we don't see
>>>> enough adoption. That we don't have a great mobile story. That the spec is
>>>> too complicated. That relying parties can't get the attributes they want.
>>>> The fact is that most of the major identity providers have adopted or are
>>>> planning to adopt OAuth 2.0 largely because it solves many of those
>>>> problems.
>>>> >
>>>> > I believe in OpenID. I believe in the concept of a decentralized
>>>> identity. I think the OpenID Foundation, by bringing together myriad
>>>> companies and individuals, is in a unique position to really help bring
>>>> cohesive, standardized technology - but only if it responds to the realities
>>>> of the marketplace.
>>>> >
>>>> > My main goal is to see the next generation of identity technology
>>>> built. A secondary goal is that it is built within the OpenID Foundation. I
>>>> don't know what the technology will look like exactly - both Nat's and
>>>> David's proposals have merit. I think the best way to figure out the tech is
>>>> to implement it, experiment, and try it out in production. I think the wrong
>>>> way to make it happen is to bicker over the exact wording of the working
>>>> group before it's even started.
>>>> >
>>>> > As Allen said, this work will happen - must happen. The main question
>>>> to the OpenID Foundation is whether it wants to encourage innovation or
>>>> drift into irrelevance.
>>>> >
>>>> > On Jun 4, 2010, at 10:08 PM, Dick Hardt wrote:
>>>> >
>>>> >> Hi Allen
>>>> >>
>>>> >> Thanks for the response. My point in this email is that at the end of
>>>> the meeting, it was agreed that Connect was not going to be done in the
>>>> OIDF, which means the WG proposal would be withdrawn. With you and David
>>>> agreeing on the specs council call that Connect should be a WG, that goes
>>>> counter to what we had concluded at the meeting.
>>>> >>
>>>> >> Note that I was not the one to suggest that Connect was not going to
>>>> be in the OIDF, but since that was what everyone had agreed to, there was no
>>>> point in talking about how it would be done in the OIDF.
>>>> >>
>>>> >> -- Dick
>>>> >>
>>>> >>
>>>> >> On 2010-06-04, at 8:58 PM, Allen Tom wrote:
>>>> >>
>>>> >>>
>>>> >>> Hi Dick,
>>>> >>>
>>>> >>> Although I might not have expressed this as strongly as I should
>>>> have last Friday, I believe that we should be working on an identity layer
>>>> for OAuth2 within the OIDF.
>>>> >>>
>>>> >>> Yahoo will definitely be implementing this, and I would expect that
>>>> all other OAuth SPs to do the same. It would definitely simplify things if
>>>> we could have a single standard interface that can do everything that OpenID
>>>> 2.0 +AX+Hybrid can do today, and also be extensible to be used for future
>>>> services and even for OP specific proprietary APIs as well.
>>>> >>>
>>>> >>> I expect that an OAuth based identity layer would be widely
>>>> implemented and far more widely used than OpenID, making OpenID largely
>>>> irrelevant. Therefore, I think it's in the OIDFs best interest to back this
>>>> imitative.
>>>> >>>
>>>> >>> However, on Friday, I did get the impression that there is not
>>>> sufficent consensus to move forward. If that's still the case, then there's
>>>> no point forcing the issue. The work is going to get done either way.
>>>> >>>
>>>> >>> Hope that clarifies things
>>>> >>> Allen
>>>> >>>
>>>> >>>
>>>> >>> On Jun 4, 2010, at 7:24 PM, Dick Hardt <dick.hardt at gmail.com>
>>>> wrote:
>>>> >>>
>>>> >>>> David, Chris, Joseph, Allen
>>>> >>>>
>>>> >>>> When we met last Friday to discuss how Connect and v.Next would
>>>> work together, the four of you had agreed that it would be best doing the
>>>> Connect work outside the OIDF. I had come to the meeting to talk about how
>>>> we would merge or align the efforts, but since there was consensus to do it
>>>> outside, we did not discuss.
>>>> >>>>
>>>> >>>> From actions I have seen today, it seems that there has been a
>>>> change since then and that you are planning on working on Connect per the
>>>> original charter. As emailed separately, I have concerns with the charter as
>>>> drafted.
>>>> >>>>
>>>> >>>> I am very disappointed that I learn about your change in mind by
>>>> seeing postings on public mailing lists.
>>>> >>>>
>>>> >>>> WTF?
>>>> >>>>
>>>> >>>> -- Dick
>>>> >>
>>>> >> _______________________________________________
>>>> >> board mailing list
>>>> >> board at lists.openid.net
>>>> >> http://lists.openid.net/mailman/listinfo/openid-board
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > board mailing list
>>>> > board at lists.openid.net
>>>> > http://lists.openid.net/mailman/listinfo/openid-board
>>>>
>>>> _______________________________________________
>>>> board mailing list
>>>> board at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-board
>>>>
>>>
>>>
>>>
>>> --
>>> Chris Messina
>>> Open Web Advocate, Google
>>>
>>> Personal: http://factoryjoe.com
>>> Follow me on Buzz: http://buzz.google.com/chrismessina
>>> ...or Twitter: http://twitter.com/chrismessina
>>>
>>> This email is:   [ ] shareable    [X] ask first   [ ] private
>>>
>>> _______________________________________________
>>> board mailing list
>>> board at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-board
>>>
>>>
>>
>>
>> --
>> http://hi.im/santosh
>>
>>
>>
>> _______________________________________________
>> board mailing list
>> board at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-board
>>
>>
>
>
> --
> Chris Messina
> Open Web Advocate, Google
>
> Personal: http://factoryjoe.com
> Follow me on Buzz: http://buzz.google.com/chrismessina
> ...or Twitter: http://twitter.com/chrismessina
>
> This email is:   [ ] shareable    [X] ask first   [ ] private
>
> _______________________________________________
> board mailing list
> board at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-board
>
>


-- 
http://hi.im/santosh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20100606/a24ec811/attachment-0001.html>


More information about the board mailing list