[OpenID] Is Ignoring Attribute Exchange a strategic error?

Scott Kveton scott at janrain.com
Thu Jan 18 19:12:27 UTC 2007


> First let's make sure we are not confusing the OpenID Exchange
> proposal from Martin and the OpenID Attribute Exchange proposal.[1] (AX)

Excellent point.  Thanks for clarifying this.
 
> AX is why Sxip joined OpenID. SSO is nice for sites, but what we have
> found they really want, and should be clear to the OpenID community
> since SREG was created, is moving identity attributes.

I just want to be clear here as I have been in face-to-face meetings with
folks and I'll say it here on the list; JanRain is totally behind attribute
exchange and will support it in our libraries and within the community.  Its
going to be critical to the long-term success of OpenID.

My point from the previous email was that if we don't have a ubiquitous
authentication mechanism, then anything else that follows it is moot.

> OpenID does NOT solve phishing, in fact if the OP is not implemented
> well, it can make phishing easier as pointed out in Kim Cameron's
> blog [2].

Hopefully some of the recent discussions we've been having with Mozilla and
Microsoft can help change that.

- Scott




More information about the general mailing list