[OpenID] OAuth SPs don't have to be your OpenID OP

SitG Admin sysadmin at shadowsinthegarden.com
Sat Apr 4 06:08:06 UTC 2009


>Why should OpenID support OAuth at all? OpenID can stand on its own. All

Because it's an open standard? Interoperability is a crucial element, 
OpenID isn't out to crush all competition by outdoing every other 
spec at what they do best.

>OpenID needs to do is address the concerns of RP's and users.

I think OP's matter, too. Or are OP's just not entitled to any 
concerns? Or does everything seem weighted in their favor currently, 
with RP's and users losing out?

There have been attempts to address concerns, anyway. But more 
importantly, there have been efforts made to *establish* what those 
concerns *are* - by communicating with the OP's and RP's, and by 
doing useability studies. Let's keep this in mind, before we venture 
into a discussion of who gets to speak for millions of users - we can 
learn from past methods developed by those who came before us.

>The problem is that we are not considering one aspect of the internet we have
>seen over the years. The internet has an uncanny ability to sort out trust
>issues on it own. Users learn which RP's to trust. Rp's learn which OP's to
>trust. Maybe we should factor this into the thinking and move on instead of
>getting bogged down by trust issues.

So are we going to address the concerns of RP's and users or ignore 
their trust issues and leave them to work out everything on their own?

>The point is was making is that OpenID need not try to solve all the problems
>of the world.

So can we think about what problems we *do* need to solve, and are 
able to, so we can focus on solving just those problems?

>Wether we like it or not RP's are going to decide who they are
>going trust.

If you've already given up on the world that OpenID endeavors to 
bring about, why not find a project more suited to your philosophy?

-Shade



More information about the general mailing list