[OpenID board] Why Connect?

Brian Kissel bkissel at janrain.com
Tue May 25 05:04:40 UTC 2010 

I won't purport to know the answer to some of the tough questions we're
wrestling with here, but do agree with Eran that whatever we do should be
"market driven."  To that end, what I'd really like to hear is from existing
and prospective RPs who are following this list.  We’ve had plenty of input
from OPs and technologists.  If we don't have enough input from RPs on this
list, how do we get it?  I’ve seen a post or two on this thread recently
saying that we’ve evolved beyond the point where a few folks can say “we
know what’s best for the market” and others will follow.  I agree with that
sentiment, we need broader involvement and feedback, not necessarily on the
specifications, but on the MRDs and PRDs that should be the precursors to
our specifications work.



I spoke with Daniel Jacobson of NPR today who is the chairman of the
Adoption Committee, and a prospective RP, and asked him to provide his input
to this discussion – which he will be doing shortly.  I've also asked Rob
Harles of Sears and Marc Frons of the NY Times, both OIDF board members, to
provide input. At Janrain we're talking to existing and prospective RPs
every day.  While each have some unique requirements, many have similar
objectives and concerns.  Here's my take so far, but would really like to
hear from other existing and prospective RPs across a range of applications:
social web, enterprise, ecommerce, government, news & media, etc.



·         They want something that is backward and forward compatible if
possible.  Ripping and replacing core technologies is painful.  If we’re
going to make changes that break backwards compatibility (which it sounds
like both OpenID V.Next and OpenID Connect have the potential of doing),
let’s make sure that the new platform is extensible enough to support future
expected use cases and expanded functionality – richer industry/application
specific data, security enhancements, commerce enhancements, reputation
management, multiple platforms (PC, mobile, game consoles, etc.)  If we do
end up having to break backward compatibility, let’s make sure we have a
clear and consistent migration path that’s as seamless as possible for
existing RPs.  This doesn’t mean that the baseline lowest common denominator
platform should be complex and difficult to deploy (to the contrary), but it
should support extensions and enhancements that enable broader used cases
than the lowest common denominator.

·         They want a clear message on how all the related technologies can
and should work together: OpenID, OAuth, SREG, AX, Portable Contacts,
Activity Streams, Open Social, Artifact Binding, Contract Exchange,
Discovery, UX Extension, etc. – both functionality and timing (roadmap).

·         They want something that is easy to deploy and maintain, and
intuitive and compelling for end users.  They can accept that for advanced
features, additional effort and complexity will likely be involved.

·         They would like to see OPs behave in a consistent and predictable
way as they evolve and enhance their services.  If OPs behave erratically
and without clear and timely communications, it’s harder to buy into the
ecosystem.



I hope I’ve accurately captured some of the feedback we’ve been hearing and
if not I trust that the RPs that are monitoring this list will provide their
feedback and recommendations.



I’d encourage each of us who is monitoring this list to invite more RPs
(existing and prospective) to the discussion.



Cheers,


Brian

*___________*

* *

*Brian Kissel <http://www.linkedin.com/pub/0/10/254>*

CEO - JanRain, Inc.

bkissel at janrain.com

Mobile: 503.342.2668 | Fax: 503.296.5502

519 SW 3rd Ave. Suite 600  Portland, OR 97204



*Increase registrations, engage users, and grow your brand with RPX.  Learn
more at **www.rpxnow.com*



-----Original Message-----
From: openid-specs-bounces at lists.openid.net [mailto:
openid-specs-bounces at lists.openid.net] On Behalf Of Eran Hammer-Lahav
Sent: Monday, May 24, 2010 7:01 PM
To: Dick Hardt
Cc: Joseph Smarr; OpenID Board (public); openid-specs at lists.openid.net
Subject: RE: [OpenID board] Why Connect?







> -----Original Message-----

> From: Dick Hardt [mailto:dick.hardt at gmail.com]

> Sent: Monday, May 24, 2010 6:20 PM

> To: Eran Hammer-Lahav

> Cc: Allen Tom; David Recordon; Joseph Smarr; OpenID Board (public);

> openid-specs at lists.openid.net

> Subject: Re: [OpenID board] Why Connect?

>

>

> On 2010-05-24, at 6:08 PM, Eran Hammer-Lahav wrote:

>

> > The question is:

> >

> > Is the OIDF interested in taking the lead in building an identity layer
for

> OAuth 2.0?

> >

> > I'm willing to bet that if the answer is no, it will be the beginning of
the end

> for OpenID. OAuth 2.0 + identity will fully cover the OpenID 2.0 use cases
in a

> cleaner, more secure way.

>

> OpenID Connect as currently envisioned misses many of the internet
identity

> use cases.



And covers most of the ones desired by those currently implementing OpenID.
For those using OpenID 2.0 today, this proposal offers a full and
significantly better replacement. This proposal is 100% market-driven, which
is not something I can say about OpenID now or in the past. This proposal is
driven by developers, providers, and end users.



> >

> > This is very much an issue of timing. If the problem is the name, call
it the

> "OAuth Identity Framework",

>

> OpenID Connect has very little to do with OpenID, and lots to do with
OAuth.

> That sounds like a better name.



True if you define OpenID as nothing but a protocol. But if that is your
definition, I think OpenID best days are behind it. People don't care about
protocols, they care about products. I think it would be a mistake for the
OpenID foundation to let OAuth take over such a huge chunk of the current
OpenID use cases.



> > leaving OpenID to be whatever the v.next WG decides it will be a year or

> two from now.

>

> That sounds like a challenge I am will to take on. :)



Well, that's something the foundation will have to figure out. All I can do
is offer my perspective.



EHL

_______________________________________________

specs mailing list

specs at lists.openid.net

http://lists.openid.net/mailman/listinfo/openid-specs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20100524/0ca4c173/attachment.html>

More information about the board mailing list