[OpenID] Purpose of OpenID Foundation and the Elections

Pat Cappelaere pat at cappelaere.com
Fri Dec 12 01:02:19 UTC 2008


Nice promise.
I would love to extend it one step further:
The data is mine. If I authorize an application to access it on my  
behalf, application can then get it.  And I can revoke that grant...  
and dispute access...  This is OpenID + OAuth which will now authorize  
transactions between services.  Very close to the VISA experience  
actually.  This would not be very hard to implement since most of the  
infrastructure is already in place.  No reason for providers to  
implement it on their own and do it wrong and provide another bad user  
experience.

Pat.

On Dec 11, 2008, at 7:46 PM, Johannes Ernst wrote:

> Specific comment on one of the many good things you are discussing:
>
> On Dec 11, 2008, at 14:56, Eran Hammer-Lahav wrote:
>
>> The two main contenders for the meaning of the OpenID brand are:  
>> technology
>> and product.
>
> There is another, which is "customer promise".
>
> Compare with "Visa".
>
> What is "Visa"?
> - Visa is an (interoperability) technology, because otherwise  
> sliding me card at the shoe store would not work
> - Visa is a product (a card), because I can order one from my bank
>
> But at the end of the day, both miss the essence of it.
>
> The way I think of Visa is as a promise to the customer. It's the  
> promise that if I do X (get the card, show the card at the shoe  
> store, pay my bill on time) then Y will happen (I get the shoes, I  
> can dispute the bill, ...)
>
> Simple test for this hypothesis: if tomorrow, Visa changed the  
> technology from whatever network protocols they have today to  
> something totally different, it would still be Visa. Also, if they  
> changed where you get the cards from, or whether or not it is even  
> card (e.g. embedded in a cell phone, for example), it would still be  
> Visa.
>
> But if they changed the promise and I won't get the shoes,  
> regardless of product or technology, it would not be Visa.
>
> I believe there is a great parallel to OpenID.
>
> I believe OpenID should be that promise. Displayed at the front door  
> of a website (like the Visa logo at the door of the shoe store) and  
> communicating to the customer "if X then Y".
>
> Today OpenID's customer promise means: if you bring a valid  
> identifier, you can log on without a password.
> It might, in some circumstances, mean today (and perhaps more so in  
> the future): if you filled out the profile at your OP, you don't  
> have to fill out forms here.
> In the future, it might also mean "all my data is mine, it moves  
> around as I like, and there is a legal framework around it that I  
> can legally enforce."
>
> This promise must exist as a brand. It must be multi-vendor/party.  
> It will turn out to be >>50% overlap with the term OpenID as it is  
> used today. So in my view, it should be OpenID.
>
>
>
>
>
>
> Johannes Ernst
> NetMesh Inc.
>
> <lid.gif> <openid.gif> http://netmesh.info/jernst
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general




More information about the general mailing list