[OpenID] openid, foaf and attribute exchange

Peter Williams pwilliams at rapattoni.com
Wed Jul 25 18:40:07 UTC 2007


Using RDF resources for FOAF in the OpenID Context is a good idea ...
for the very reason that significant FOAF infrastructure already exists.
OpenID deployments can easily cooperate with the parallel FOAF
infrastructure that others develop and maintain. The whole microformats
aspect pursued by the FOAF community is well suited to OpenID design
philosophy, I believe - using HTML rather than XML/RDF to communicate
simplistic data fields, SIMPLY. As it's only certain OP Consumers that
might bother to add this kind of FOAF UI value and access controls (and
thus engineer the required support for the RDF handling), a nice
distinction between OP Consumers comes about: some add FOAF/RDF support,
some do not. This parallels OpenID Exchange - an optional protocol for
OP Consumers. An OpenID Consumer is NOT "incomplete", when support for
OpenID Exchange is absent, we note.

Making OpenID into more of a heavyweight identity management protocol
(with RDF ontologies affecting OpenID core compliance itself) starts to
raise questions in my mind. Is OpenID _targeting_ federation-style
architectures - rather than de-centralization? Is OpenID staying simple,
or is compliance going to assume that OP Consumers and OP Providers must
interface to RDF resources? Is the style of the spec going to go from
its free and easy, free-form English... or become a barrier to reading
by your average programmer, when it starts to exhibit use of high-power
formalisms?

These issues and questions are pertinent, I believe - as they define what
the goals of the community are. Is OpenID going to stay
philosophically-true to its grassroots image and nature ...which led to
its runaway success? Or, is a club of security professional vendors now
going to drive it... as yet another way to deliver identity management
products/services?

Let me put it more simply, perhaps. If it's the goal of OpenID to
compete with SAML/ws-trust, I'm not sure I'm in the right place. I do
like the way SUN characterize OpenID: it's a lightweight protocol that
complements the world of SAML/ws-trust doing well things that neither of
the latter will do well, each being over-engineered for low- or
medium-assurance webSSO.

I saw recently, in contrast to the SUN philosophy, the way the Bandit
project conceives of the world, and OpenID indeed. Whilst it seems
proper that OpenID can be fit into Bandit as a plug-and-play component,
I'm not sure I'd counsel folks to let OpenID insist that implementers
MUST adopt that design culture. Do I have to know what an RDF ontology
even is, merely to send my OpenID to a form?

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Mark Wahl
Sent: Wednesday, July 25, 2007 6:16 AM
To: Story Henry
Cc: foaf-dev; general at openid.net
Subject: Re: [OpenID] openid, foaf and attribute exchange

Story Henry wrote:

>    - duplicating effort. This spec is inventing a metadata format, a
> query language and storage API, which is a lot of work. These things
> have been done before:
>       + metadata framework: as shown above RDF does this very well
> already. It has a very powerful semantics, has gone through years of
> review by some of the best thinkers in the world, is extensible, self
> describing, etc, etc... having to learn another special convention as
> proposed here, is one more unnecessary piece of work.

Actually there has not yet been defined a suitable protocol-independent
metadata format for identity schemas elements such as attribute types
and claim types. "RDF" by itself is insufficient as there have not yet
been defined ontologies for identity schemas.  To address this the
Identity Commons Identity Schemas working group is defining a common set
of metadata representation elements for OpenID (and CardSpace and other
emerging protocols); a work-in-progress can be seen at
http://idschemas.idcommons.net/moin.cgi/MetaData
which can be expressed in RDF and retrieved via "GET", as described in
http://idschemas.idcommons.net/moin.cgi/BasicRetrieval


Mark Wahl
Informed Control Inc.