[OpenID] OAuth SPs don't have to be your OpenID OP
sysadmin at shadowsinthegarden.com
Sat Apr 4 06:08:06 UTC 2009
>Why should OpenID support OAuth at all? OpenID can stand on its own. All
Because it's an open standard? Interoperability is a crucial element,
OpenID isn't out to crush all competition by outdoing every other
spec at what they do best.
>OpenID needs to do is address the concerns of RP's and users.
I think OP's matter, too. Or are OP's just not entitled to any
concerns? Or does everything seem weighted in their favor currently,
with RP's and users losing out?
There have been attempts to address concerns, anyway. But more
importantly, there have been efforts made to *establish* what those
concerns *are* - by communicating with the OP's and RP's, and by
doing useability studies. Let's keep this in mind, before we venture
into a discussion of who gets to speak for millions of users - we can
learn from past methods developed by those who came before us.
>The problem is that we are not considering one aspect of the internet we have
>seen over the years. The internet has an uncanny ability to sort out trust
>issues on it own. Users learn which RP's to trust. Rp's learn which OP's to
>trust. Maybe we should factor this into the thinking and move on instead of
>getting bogged down by trust issues.
So are we going to address the concerns of RP's and users or ignore
their trust issues and leave them to work out everything on their own?
>The point is was making is that OpenID need not try to solve all the problems
>of the world.
So can we think about what problems we *do* need to solve, and are
able to, so we can focus on solving just those problems?
>Wether we like it or not RP's are going to decide who they are
If you've already given up on the world that OpenID endeavors to
bring about, why not find a project more suited to your philosophy?
More information about the general