[OpenID] For the nominees

Eric Sachs esachs at google.com
Thu Dec 4 23:20:25 UTC 2008


>> 1. Adoption of OpenID by relying parties isn't on-par with the amount of
>> providers available. How would you improve that ratio?
Google has a few projects related to increasing the use of federated login
including Blogger, FriendConnect, and our generic Google Accounts IDP.  My
focus, and also personal passion for years pre-Google, has been adoption of
federated login by the 100 websites with the largest # of logged in users.
 100 sites is not many compared to the much larger number of potential
smaller sites that could become RPs, however I believe it will have more
visible impact for average users.  That group already understands the
potential business value, but does not believe the technology is ready yet,
especially from a usability perspective, and I think they are right.  So I
will continue to focus on identifying the improvements needed to convince
that group to adopt federated login.  I think other members of the current
board, and candidates for the additional seats, are better positioned to
increase the absolute number of RPs.

>> 2. What is it that should be done in order to have big providers like
>> Google, Yahoo!, Microsoft rely on other operators?
This is best answered by a blog post I made right after Google announced our
generic IDP.

http://google-code-updates.blogspot.com/2008/10/moving-another-step-closer-to-single.html
In paragraph 4+ I try to explain that Google already is a relying party to
thousands of domains in our AppsForYourDomain service, and from that
experience we have learned that our rich-client apps are causing huge
problems.  We already have paying customers yelling at us about this, so we
have to solve it, but it won't happen overnight.  Microsoft/Yahoo, and even
Plaxo, have the same problem.
The other challenge is how do we modify the Google Accounts login box.  We
have done a ton of research on that question, and think we may have hit on a
good answer, however all the previous attempts we tried failed miserably so
we certainly won't become an RP for our traditional consumer services until
that issue is resolved.

>> 3. Do you think that a trust relationship framework should be created,
>> similar to PKI auditing (or any other/similar idea) in order to allow
>> relying parties easily trust on other operators? Or what would you
>> suggest instead?
When I talk to top 100 websites, the trust issues for them are not about
security.  The trust issues are about the usability and reliability of the
IDP.  For example, Yahoo's updated IDP user experience is now quite simple,
however the websites we talked to made it very clear they would never use
Google as an IDP if we had a user experience like Yahoo's older one.  But
that still creates a problem for those websites to identify which IDPs
provide a simple/reliable experience.  Some of that may be addressed by SaaS
vendors who run IDPs as a service like symplified.com, Janrain, Ping
Identity, MS Azure, etc.  A mainstream website might trust any IDP who is
hosted by a known SaaS vendor.  However for the longer-tail we may see a
need for companies who build a business out of validating the UI/reliability
of IDPs and selling those lists to other websites.

>> 4. Do you think that instead of hiring an executive director, the load of
>> the different tasks could be shifted to a small group of different
>> persons instead (foundation management)? Would you view such a
>> scenario possible and perhaps more efficient? (Considering the amount
>> to be paid for an ED, I suspect that many highly motivated and capable
>> individuals from within the community or from outside could do a
>> better job than one individual and receive fair compensation for their
>> work.)
In the near term there is a lot of administrative/head-banging work that has to
be done, and I don't see how to avoid that.  Longer term (6+ months), I
expect one of the key roles of an ED in this space will be to serve as a
more formal spokesman about OpenID to the press.  In the last few months I
have seen an increase in awareness of OpenID among mainstream websites,
however that has actually hurt our community in some ways because most of
those folks who became aware of it did more research and decided it was not
in very good shape.  One of our challenges is that OpenID addresses a bunch
of possible use cases, and so our external messaging comes across as very
muddied.  As we solidify our approach to more of these use cases, we need an
ED who can help us interact with the press and analysts to provide
short/clear messaging about when and how OpenID should be used.

Eric Sachs
Senior Product Manager, Google Security

On Thu, Dec 4, 2008 at 5:14 AM, Eddy Nigg (StartCom Ltd.) <
eddy_nigg at startcom.org> wrote:

>  There are a few questions I'd like to ask the current nominees in order to
> get a better picture about which ideas a nominee represents. Of course the
> questions are specifically what I feel important:
>
>
>    1. Adoption of OpenID by relying parties isn't on-par with the amount
>    of providers available. How would you improve that ratio?
>    2. What is it that should be done in order to have big providers like
>    Google, Yahoo!, Microsoft rely on other operators?
>    3. Do you think that a trust relationship framework should be created,
>    similar to PKI auditing (or any other/similar idea) in order to allow
>    relying parties easily trust on other operators? Or what would you suggest
>    instead?
>     4. Do you think that instead of hiring an executive director, the load
>    of the different tasks could be shifted to a small group of different
>    persons instead (foundation management)? Would you view such a scenario
>    possible and perhaps more efficient? (Considering the amount to be paid for
>    an ED, I suspect that many highly motivated and capable individuals from
>    within the community or from outside could do a better job than one
>    individual and receive fair compensation for their work.)
>
>
> --
>   Regards      Signer:  Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
> Jabber:  startcom at startcom.org  Blog:  Join the Revolution!<http://blog.startcom.org>
> Phone:  +1.213.341.0390
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>