[OpenID] For the nominees

David Recordon drecordon at sixapart.com
Fri Dec 5 20:37:49 UTC 2008


Hey Eddy,
As others have said, thanks for this thread.  Responses inline...

--David

On Dec 4, 2008, at 5:14 AM, Eddy Nigg (StartCom Ltd.) wrote:

> There are a few questions I'd like to ask the current nominees in  
> order to get a better picture about which ideas a nominee  
> represents. Of course the questions are specifically what I feel  
> important:
> Adoption of OpenID by relying parties isn't on-par with the amount  
> of providers available. How would you improve that ratio?
The areas I've focused on the past few years have been getting OpenID  
into the tools that developers and website builders are already  
using.  This means more than just having good Open Source libraries in  
a dozen different languages, but making it dead simple to add OpenID  
to your Rails app, Django app, MediaWiki install, blog, etc.  The  
Bounty program was designed to help achieve this and while we haven't  
awarded all of the bounties, after a year it started to drop off of  
people's radar I think it was an effort in the right direction.   
Today, my laptop running stock OS X 10.5 includes a Ruby on Rails  
development environment with about a dozen Ruby Gems (packages) where  
one is a Yadis library and another for OpenID.

Going forward, I think we need to focus on multiple aspects to  
increase the number of relying parties and shift the balance toward  
more notable sites like MapQuest.com:

1) The Foundation should facilitate the improvement of Open Source  
implementations of OpenID.  The past few months I've been hearing that  
the current libraries are no longer at the level they need to be and http://openidenabled.com/ 
  seems to have partially turned into an ad for JanRain's RPX.  The  
OAuth community has been successful in having a shared Google Code  
project where all of the open source implementations in each language  
live and are maintained.  I tried to do this a few years ago with  
moving the libraries into a project in the Apache Software Foundation  
but that fell apart.

2) It isn't currently as clear as it could be *how* to implement  
OpenID on your site following best practices.  Joseph Smarr wrote a  
guide two years ago (http://www.plaxo.com/api/openid_recipe) which is  
now out of date and Simon Willison and I gave a 3-hour tutorial (http://www.slideshare.net/daveman692/openid-bootcamp-tutorial 
) with nearly 100K views which is also out of date though those are  
currently some of the best resources.  The Foundation needs to  
continue facilitating the development of best practices to make it  
easier for developers, designers and product managers to understand  
how to implement OpenID logins on their site.  I'm also working with  
Laurie Rae on writing a book for O'Reilly (which will become Creative  
Commons) to help document some of this stuff.

3) The value of accepting OpenID logins needs to be increased.   
Facebook Connect clearly provides access to profile information and a  
way for site owners to virally share activities.  In my mind, this is  
the largest task that OpenID, OAuth, and OpenSocial will need to  
address collectively next year.

4) The Foundation should continue holding meetings like the Content  
Provider one in NY a few months ago to work with Relying Parties and  
understand what they need to be successful with OpenID.  We should be  
proactively approaching potential Relying Parties and holding open  
meetings in a variety of cities.

5) The Foundation should be in contact with analysts to help them  
better understand the space and what value OpenID offers.

> What is it that should be done in order to have big providers like  
> Google, Yahoo!, Microsoft rely on other operators?
Time.  These companies each have their own internal issues to work out  
and I have confidence that they will.  No one thought that they would  
become Providers in the first place, but I remember spending nearly a  
year working with Yahoo! helping the team formulate their business  
case to upper management and then figuring out their implementation.   
The Foundation and Community must be supportive of these companies  
understanding that they can't do something at the speed of a startup  
while we offer as much help as they're willing to accept.

Just as we need to work with potential Relying Parties to better  
understand what they need to be successful with OpenID, we need to do  
the same thing with these Providers.

> Do you think that a trust relationship framework should be created,  
> similar to PKI auditing (or any other/similar idea) in order to  
> allow relying parties easily trust on other operators? Or what would  
> you suggest instead?
Ignoring the technical side of this, I do think that we'll reach a  
point where Relying Parties will need to learn more about how  
trustworthy a given user or their Provider is.  I don't believe that  
the OpenID Foundation should be running such a trust network,  
certification, or accreditation programs.

> Do you think that instead of hiring an executive director, the load  
> of the different tasks could be shifted to a small group of  
> different persons instead (foundation management)? Would you view a  
> such a scenario possible and perhaps more efficient? (Considering  
> the amount to be paid for an ED, I suspect that many highly  
> motivated and capable individuals from within the community or from  
> outside could do a better job than one individual and receive fair  
> compensation for their work.)
I think that it's important to have accountability when any group of  
people are being paid to do something.  As the board is made up of a  
group of volunteers, I do believe that having a paid ED is needed to  
really move the organization forward.  In the past I've thought about  
how this role could be split up, but today I think our focus must be  
on getting a strong ED on board who can execute and show the value of  
the Foundation.

>
> -- 
> Regards
>
> Signer: 	Eddy Nigg, StartCom Ltd.
> Jabber: 	startcom at startcom.org
> Blog: 	Join the Revolution!
> Phone: 	+1.213.341.0390
>   _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081205/dffafd3e/attachment-0002.htm>


More information about the general mailing list