[OpenID] Facebook wildfire spreading of OpenID

Andrew Arnott andrewarnott at gmail.com
Tue Apr 14 04:22:57 UTC 2009


Peter,
I agree with all your points.  The "huh?" and "what?" comments were the
responses that most web surfers will give you if confronted with those
points as you've worded them.  If these were to be posted to this Facebook
Group, we'd have to reword these, probably as entire scenarios that people
could read and relate to.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire


On Mon, Apr 13, 2009 at 9:14 PM, Peter Williams <pwilliams at rapattoni.com> wrote:

> *From:* Andrew Arnott [mailto:andrewarnott at gmail.com]
> *Sent:* Monday, April 13, 2009 8:55 PM
> *To:* Peter Williams
> *Cc:* Kenneth Kron; oauth; openid General
>
> *Subject:* Re: [OpenID] Facebook wildfire spreading of OpenID
>
>
>
> Peter, my parents' responses inline.
>
>  What is openid’s core value, for a parent?
>
> Here are a few of the spins I’ve heard over the last 2 years:
>
> 1. URLs are so magical that your openid URL means you don’t need multiple
> passwords
>
>  What?
>
> *[Peter Williams] Yes – the “url” hypothesis. Because openid is all based
> on the URL, websso will now work and be widely adopted (where it doesn’t and
> won’t when the subject’s id is expressed in any other form other than a
> URL).*
>
>
>
> 2. Addresses commenting spam
>
>  What?
>
> *[Peter Williams] yes, I’ve heard it said that a motive for the original
> authenticated comments application of openid was to ensure that only
> trusted commentators (i.e. the comment is supported by a trustworthy
> assertion) would have the privilege of posting public comments – so a blog
> would not be filled with comment spam.*
>
>
>
> 3. Brings PGP’s web of trust to life, through linkup with ebay-reputation
> systems
>
>  Huh?
>
> *[Peter Williams] yes +1, -19, ++4. I’ve heard it said that the trust
> model that openid will evolve to (seeing as https is not really
> openid-friendly) will exploit reputation frameworks. Associated with an
> assertion will be a reputation, shared in RP affiliation communities. openid
> becomes viable when reputation becomes a managed infrastructure. (OASIS even
> chartered a group to focus on this, if I recall).*
>
>
>
> 4. Easy signup to new accounts
>
>  Oh!  Cool.
>
> *[Peter Williams] yes. I’ve heard it explained that RPs will perform
> identity management, and during signup attributes from an OP will be
> transferred to the new account at the RP. I’ve also heard the opposite: the
> best and “most promising” RPs will not maintain accounts, have no local
> login, and ONLY ever create sessions in response to an openid assertion.*
>
>
>
> 5. Get portability of identity, like with your phone number
>
>  Umm... phone number I know.  But what's portable identity?
>
> *[Peter Williams] I heard it said that openid was all about ensuring that
> having bound an openid to an RP to get some service, one could then migrate
> from one assertion making party to another, and there would be no impact on
> your relationship with that RP. This is like having the relatively new right
> to transfer a phone number between carriers, rather than the older world in
> which carriers captured subscribers because they erected a barrier to
> exiting their plan (you lost your contacts, as the phone number “belonged
> to” the carrier, not you)*
>
> 6. Addresses privacy policies through explicit consent
>
>  um... privacy is good.
>
> *[Peter Williams] I’ve heard it said that openid is ONLY about the browser
> world, as ONLY in the browser world do you get UI that facilitates explicit
> management of consent – and a point at which one can control which attributes
> are released to which (more or less trusted) parties (under your personal
> privacy regime). ONLY if there is a “special” class of ui can openid work
> project the security one needs, and it MUST involve address bars.*
>
> *Yes.. all those things above have been hinted at as being among the
> unique “value points” of openid (vs any other websso scheme). Most of them
> reflect social benefits, or convenience features.*
>
> *I forgot another common claim, earlier, of course. The Openid movement
> [generally] solves phishing.*