[OpenID] For the nominees

[Mike Kirkwood]

Eddy,

Good questions.   A few thoughts on each below.

--Mike Kirkwood
________________________________________
From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of Eddy Nigg (StartCom Ltd.) [eddy_nigg at startcom.org]
Sent: Thursday, December 04, 2008 5:14 AM
To: general at openid.net
Subject: [OpenID] For the nominees

There are a few questions I'd like to ask the current nominees in order to get a better picture about which ideas a nominee represents. Of course the questions are specifically what I feel important:


 1.  Adoption of OpenID by relying parties isn't on-par with the amount of providers available. How would you improve that ratio?

This is a big question, I think there are several things to be considered.

1)  Clearly define the success of being a provider and a relying party on the experience for the user that is going in between these providers regularly.    One of the reasons it seems this issue isn't hotter right now, is the providers have in essence created islands of OpenIDs, it was definitely easier for them to do it this way initially, need to really look at the fundamentals of Single Sign On vs. OpenID adoption, for example, in the core goals of the platform

2)  Focus on the economics of a provider vs. relying party.   This includes setting up benefits for the operations of being a relying party.   Generating many individual provider id's isn't really on par with interoperability objectives.   What investments need to be made.   My suggestion is that a few of the bigger organizations should get together with the board and work it out on paper on what is needed to make it happen now between the big named parties (Google, Yahoo, MS, MySpace).   In my opinion, there should also be "extensions" that allow a bridge to other models of Relying Party, including possibly Facebook.

3)  Focus on requirements on the portability of the information for each scenario.   Make it so there is a distinct privacy/portability feature for users that they demand RP's rather than new provider OpenIDs.

4)  Clear this up in the marketing information for the organization.   First question.  OK there are 500m of them.   Do we know the actual number of Uniques (people, not ids).   That will be answered in this process and is key to solving the simplest promises of a common model.

 2.  What is it that should be done in order to have big providers like Google, Yahoo!, Microsoft rely on other operators?

Might have accidently answered this above.   Best answer for me is "making it so there is a benefit to users".   Easiest way to do that, features that allow me to be portable and save me time.

 3.  Do you think that a trust relationship framework should be created, similar to PKI auditing (or any other/similar idea) in order to allow relying parties easily trust on other operators? Or what would you suggest instead?

Trust relationships should be created, but they should be contextual based on what the person is trying to do and the parties are trying to assert.   I "trust" MS that it has my user ID.   If I want to extend the trust further, e.g. for them to be my Health Provider, or even further, for them to use my openID to share my information in the Health Ecosystem Partners, that should raise the bar of what type of proof (trust mechanics) are used in those scenarios.   For purposes of a lot of the initial use cases, it may prove necessary for the big providers to have deeper trust relationships, similar to a B2B hub, especially when the payload goes beyond my core identity into content and transactions.


 4.  Do you think that instead of hiring an executive director, the load of the different tasks could be shifted to a small group of different persons instead (foundation management)? Would you view a such a scenario possible and perhaps more efficient? (Considering the amount to be paid for an ED, I suspect that many highly motivated and capable individuals from within the community or from outside could do a better job than one individual and receive fair compensation for their work.)


I'm personally a fan of finding the best people and paying them what they "normally" get to do what is needed.   An ED would be great as an organizer/leader.   Since TIME is a critical factor here, I'd say all the $$ the board has should be used on the best talent that exists.   The key role that the OpenID board needs to provide is clear decision making so that the smartest continue to both contribute as volunteers, but also as.

That being said, I see a real issue on the board today, whereas several of the key members businesses rely on OpenID adoption for their livelihood.   We should find a way to treat this is in a way that doesn't muddy up the water.   Many hard decisions are coming for OpenID.   Some will cause some of the businesses to thrive and others may fail.   That should be a secondary issue to what is needed for OpenID to thrive.    I believe the smart people who built businesses around this will react quickly to the new challenges, but realistically, not all will respond the same.    Best example I've seen is the work in Japan.    It can be done (revenue generation through OpenID), and the more we can all see small slices of a huge pie, the better we are to evolve business and the economics of providers and relying parties to match the need.


--Mike