[OpenID] For the nominees
David Recordon
drecordon at sixapart.com
Fri Dec 5 20:37:49 UTC 2008
Hey Eddy,
As others have said, thanks for this thread. Responses inline...
--David
On Dec 4, 2008, at 5:14 AM, Eddy Nigg (StartCom Ltd.) wrote:
> There are a few questions I'd like to ask the current nominees in
> order to get a better picture about which ideas a nominee
> represents. Of course the questions are specifically what I feel
> important:
> Adoption of OpenID by relying parties isn't on-par with the amount
> of providers available. How would you improve that ratio?
The areas I've focused on the past few years have been getting OpenID
into the tools that developers and website builders are already
using. This means more than just having good Open Source libraries in
a dozen different languages, but making it dead simple to add OpenID
to your Rails app, Django app, MediaWiki install, blog, etc. The
Bounty program was designed to help achieve this and while we haven't
awarded all of the bounties, after a year it started to drop off of
people's radar I think it was an effort in the right direction.
Today, my laptop running stock OS X 10.5 includes a Ruby on Rails
development environment with about a dozen Ruby Gems (packages) where
one is a Yadis library and another for OpenID.
Going forward, I think we need to focus on multiple aspects to
increase the number of relying parties and shift the balance toward
more notable sites like MapQuest.com:
1) The Foundation should facilitate the improvement of Open Source
implementations of OpenID. The past few months I've been hearing that
the current libraries are no longer at the level they need to be and http://openidenabled.com/
seems to have partially turned into an ad for JanRain's RPX. The
OAuth community has been successful in having a shared Google Code
project where all of the open source implementations in each language
live and are maintained. I tried to do this a few years ago with
moving the libraries into a project in the Apache Software Foundation
but that fell apart.
2) It isn't currently as clear as it could be *how* to implement
OpenID on your site following best practices. Joseph Smarr wrote a
guide two years ago (http://www.plaxo.com/api/openid_recipe) which is
now out of date and Simon Willison and I gave a 3-hour tutorial (http://www.slideshare.net/daveman692/openid-bootcamp-tutorial
) with nearly 100K views which is also out of date though those are
currently some of the best resources. The Foundation needs to
continue facilitating the development of best practices to make it
easier for developers, designers and product managers to understand
how to implement OpenID logins on their site. I'm also working with
Laurie Rae on writing a book for O'Reilly (which will become Creative
Commons) to help document some of this stuff.
3) The value of accepting OpenID logins needs to be increased.
Facebook Connect clearly provides access to profile information and a
way for site owners to virally share activities. In my mind, this is
the largest task that OpenID, OAuth, and OpenSocial will need to
address collectively next year.
4) The Foundation should continue holding meetings like the Content
Provider one in NY a few months ago to work with Relying Parties and
understand what they need to be successful with OpenID. We should be
proactively approaching potential Relying Parties and holding open
meetings in a variety of cities.
5) The Foundation should be in contact with analysts to help them
better understand the space and what value OpenID offers.
> What is it that should be done in order to have big providers like
> Google, Yahoo!, Microsoft rely on other operators?
Time. These companies each have their own internal issues to work out
and I have confidence that they will. No one thought that they would
become Providers in the first place, but I remember spending nearly a
year working with Yahoo! helping the team formulate their business
case to upper management and then figuring out their implementation.
The Foundation and Community must be supportive of these companies
understanding that they can't do something at the speed of a startup
while we offer as much help as they're willing to accept.
Just as we need to work with potential Relying Parties to better
understand what they need to be successful with OpenID, we need to do
the same thing with these Providers.
> Do you think that a trust relationship framework should be created,
> similar to PKI auditing (or any other/similar idea) in order to
> allow relying parties easily trust on other operators? Or what would
> you suggest instead?
Ignoring the technical side of this, I do think that we'll reach a
point where Relying Parties will need to learn more about how
trustworthy a given user or their Provider is. I don't believe that
the OpenID Foundation should be running such a trust network,
certification, or accreditation programs.
> Do you think that instead of hiring an executive director, the load
> of the different tasks could be shifted to a small group of
> different persons instead (foundation management)? Would you view a
> such a scenario possible and perhaps more efficient? (Considering
> the amount to be paid for an ED, I suspect that many highly
> motivated and capable individuals from within the community or from
> outside could do a better job than one individual and receive fair
> compensation for their work.)
I think that it's important to have accountability when any group of
people are being paid to do something. As the board is made up of a
group of volunteers, I do believe that having a paid ED is needed to
really move the organization forward. In the past I've thought about
how this role could be split up, but today I think our focus must be
on getting a strong ED on board who can execute and show the value of
the Foundation.
>
> --
> Regards
>
> Signer: Eddy Nigg, StartCom Ltd.
> Jabber: startcom at startcom.org
> Blog: Join the Revolution!
> Phone: +1.213.341.0390
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081205/dffafd3e/attachment-0002.htm>
More information about the general
mailing list