[OpenID] OpenID 2.1 clarification on use of LocalID

Peter Williams pwilliams at rapattoni.com
Sat Apr 11 05:33:14 UTC 2009

Not sure I agree that

> Delegation via XRDS is equally broken.

[Peter Williams] I have not decide what to do with openid. Given what's happening, I'm more prone to site on the fence - though support of the efforts at redesign, from analyzing the core principles that matter, those that must be discarded, and those than must be added.

Openid 1.0 was an evangelical sham. The 26,000 adopting sites were unverifiable. It did ignite a movement (which is quite a remarkable feat).

Openid 2.0 obviously never happened, outside the lab. It did facilitate consensus, however (which is also quite a remarkable feat).

Openid 2.1 is likely to impose op-centric federation models, based on hub/spoke management controls systems. Though I support OAUTH cooperating with openid (because it adds a delegation model, targeting web services rather than web browsing), I can also see the downside: OAUTH brings with it more policy control than UCI as a necessary function of the notion of delegation, and that's a shame. Perhaps the UCI-aficionados who started openid will force some hybrid..that preserves and guarantees user independence, autonomy, portability, etc. from providers.


More information about the general mailing list