[OpenID] Purpose of OpenID Foundation and the Elections

Peter Williams pwilliams at rapattoni.com
Fri Dec 12 01:15:00 UTC 2008


One of the first internet startups (the second I think) declared it would eliminate visa (as a bottom feeding microsucker of the evil capitalist empire, with no further reason to exist as an evil TTP since ipng routing exchanges could do anything visa could).

Didn't work. Governance is hard. Has little or nothing to do with technology. VISA has more technology (and sso patents) that it knows what to do with.

Don't forget without VISA, there would have been no VeriSign. Everything VeriSign knows about commercial trust networks was taught to them by the VISA board member, one of the original VISA architects who found the formula to defeat the ("sp"-centric) storecards in the late 1960s.  It was just fascinating to listen, learn, and eventually just copy a few of the working governance models.

Payment protocols are also fun, in and of themselves.

Advice: Don't make Openid+OAUTH into a payment, clearing or settlement protocol. Stay clear and just focus on shopping, account registration, terms negotiation, and technical auth/authz between sites.

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Pat Cappelaere
Sent: Thursday, December 11, 2008 5:02 PM
To: Johannes Ernst
Cc: general at openid.net List
Subject: Re: [OpenID] Purpose of OpenID Foundation and the Elections

Nice promise.
I would love to extend it one step further:
The data is mine. If I authorize an application to access it on my
behalf, application can then get it.  And I can revoke that grant...
and dispute access...  This is OpenID + OAuth which will now authorize
transactions between services.  Very close to the VISA experience
actually.  This would not be very hard to implement since most of the
infrastructure is already in place.  No reason for providers to
implement it on their own and do it wrong and provide another bad user
experience.

Pat.

On Dec 11, 2008, at 7:46 PM, Johannes Ernst wrote:

> Specific comment on one of the many good things you are discussing:
>
> On Dec 11, 2008, at 14:56, Eran Hammer-Lahav wrote:
>
>> The two main contenders for the meaning of the OpenID brand are:
>> technology
>> and product.
>
> There is another, which is "customer promise".
>
> Compare with "Visa".
>
> What is "Visa"?
> - Visa is an (interoperability) technology, because otherwise
> sliding me card at the shoe store would not work
> - Visa is a product (a card), because I can order one from my bank
>
> But at the end of the day, both miss the essence of it.
>
> The way I think of Visa is as a promise to the customer. It's the
> promise that if I do X (get the card, show the card at the shoe
> store, pay my bill on time) then Y will happen (I get the shoes, I
> can dispute the bill, ...)
>
> Simple test for this hypothesis: if tomorrow, Visa changed the
> technology from whatever network protocols they have today to
> something totally different, it would still be Visa. Also, if they
> changed where you get the cards from, or whether or not it is even
> card (e.g. embedded in a cell phone, for example), it would still be
> Visa.
>
> But if they changed the promise and I won't get the shoes,
> regardless of product or technology, it would not be Visa.
>
> I believe there is a great parallel to OpenID.
>
> I believe OpenID should be that promise. Displayed at the front door
> of a website (like the Visa logo at the door of the shoe store) and
> communicating to the customer "if X then Y".
>
> Today OpenID's customer promise means: if you bring a valid
> identifier, you can log on without a password.
> It might, in some circumstances, mean today (and perhaps more so in
> the future): if you filled out the profile at your OP, you don't
> have to fill out forms here.
> In the future, it might also mean "all my data is mine, it moves
> around as I like, and there is a legal framework around it that I
> can legally enforce."
>
> This promise must exist as a brand. It must be multi-vendor/party.
> It will turn out to be >>50% overlap with the term OpenID as it is
> used today. So in my view, it should be OpenID.
>
>
>
>
>
>
> Johannes Ernst
> NetMesh Inc.
>
> <lid.gif> <openid.gif> http://netmesh.info/jernst
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general



More information about the general mailing list