[OpenID] For the nominees

[Scott Kveton]

Hi Eddy,

Great idea ... thanks for starting this thread.

> Adoption of OpenID by relying parties isn't on-par with the amount of
> providers available. How would you improve that ratio?

I think we need to continue reaching out to RP's to get their feedback
on what *they* want.  We have to be careful as technologists to not
get caught in the but-the-technology-does-it-this-way cycle.

The feedback from the Content Provider Advisory meeting that happened
in NYC a few months ago was very clear; make it easy for users to sign
into our sites and give us the same data we would get if they
registered with a local account.  Make it easy (i.e. few redirects)
and make sure its secure.

The Usability Summit at Yahoo was also another great step forward as
is the work that Messina, Yahoo and Facebook have done (and most
importantly shared).

I'd like to do more programs like the Content Provider and Usability
summits focused on specific kinds of RP's to get their feedback and
then use that feedback to move OpenID from a technology to a real
solution for users and sites.

> What is it that should be done in order to have big providers like Google,
> Yahoo!, Microsoft rely on other operators?

Becoming a provider is a really easy way for the large companies to
dip their toes in the water wrt OpenID.  Fortunately there are many,
many big players: Yahoo, AOL, Microsoft, Google, MySpace, Facebook,
etc.  Each one of these companies is continuously pushing the "open"
envelope and giving more control to users and more functionality to
developers.  I think it will be this "peer" pressure that pushes the
big guys to start accepting OpenID's from other sites.

As the OIDF, we'll want to focus on making sure we avoid the potential
for the big guys to just accept OpenIDs from each other and locking
out the entire open eco-system.  The OIDF can't enforce this but we
can through continued conversations, programs and discussions at
conferences make sure we make it clear what the value is for accepting
OpenIDs from the entire eco-system.

Finally, many of these large organizations have considerable legal
concerns with these technologies and honestly, I'm astounded at the
pace they are moving already.  It took Linux 10 years to reach
"comfortable" adoption within the enterprise and we're moving
significantly faster (yes, I'm comparing apples to oranges a bit
there).

> Do you think that a trust relationship framework should be created, similar
> to PKI auditing (or any other/similar idea) in order to allow relying
> parties easily trust on other operators? Or what would you suggest instead?

We're going to need something like this to deal with the trust issue.
Right now we're in the same place as email was (and still is) but we
have a chance to fix it because OpenID hasn't been widely adopted and
the technology is still in flux.  We have all of the right (and smart)
people at the table so this is a great place to make it happen.  This
would be a fantastic committee or program for the OIDF to sponsor.

> Do you think that instead of hiring an executive director, the load of the
> different tasks could be shifted to a small group of different persons
> instead (foundation management)? Would you view a such a scenario possible
> and perhaps more efficient? (Considering the amount to be paid for an ED, I
> suspect that many highly motivated and capable individuals from within the
> community or from outside could do a better job than one individual and
> receive fair compensation for their work.)

No, I believe the OIDF needs an ED.  The OIDF is a 501c3 non-profit
corporation with fiduciary responsibilities and most of the volunteer
work we've been doing takes away from what's most important.  In the
interest of moving the organization forward, let's dedicate resources
to one individual who will be responsible for the administrative tasks
of the organization so the rest of the board and community can focus
on making OpenID better.  IMHO - managing the details of the
organization isn't the "main thing" for the OIDF.

I personally like the idea of having one person that is a point of
contact for the corporate board members, can coordinate programs,
schedule events, manage finances, bylaws, trademarks, IP, etc.  To me
this is a *better* use of the OIDF's funds as we would be able to move
the organization and technology forward all at the same time.

With a board of this size we have no accountability for getting things
done.  With the volunteer community board and corporate board no one
has the OIDF as their *primary* responsibility.  The primary
responsibility of the OIDF ED would be to the OIDF.

- Scott