[OpenID] An alternative OpenID UX

Peter Williams pwilliams at rapattoni.com
Tue Apr 14 17:51:46 UTC 2009


I don't see any confusion with Passport. Passport was an OP-centric model, whereas Santosh is proposing an RP-centric model - which is entirely compatible with openid trust, attribute and PAPE schemas.

Assuming OPs are two a penny and have no particular role in governing the relationship between the portability-empowered user and RP, there WILL have to be a negotiation between the interests of the RP and the interests of the user. But, that seems entirely natural. Users want mashups, and Service providers want stickiness. Somewhere, there is a middle ground. I suspect it will be found in the operator of the old merchant aggregator concept, pursued so successfully at VeriSign in the CC service-factoring world.

The openid/saml2 websso world is starting to look a little skewed by the latest Microsoft identity initiative, concerning claims. Though little or nothing to do with Passport, it is rather asserting-party-centric - as, to the attribute are attached the permissions "granted" the RP. The RP MUST be running certified enforcement code, to be "trusted" to execute the attribute handling according to the rbac prescriptions borne within the SAML2/openid assertion. I *suspect* part of the current love-affair with OAUTH is not due to its protocol features allowing web browsing and web services client at browsed websites to cooperate nicely, but because it aligns (more) with this claims-centric *vision* of the world's relationships.

It is interesting just how quickly "claims" went from an evidentiary basis to a control basis, and the identity metasystem became a control _projection_ apparatus.

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Rabbit
> Sent: Tuesday, April 14, 2009 3:07 AM
> To: Santosh Rajan
> Cc: general at openid.net
> Subject: Re: [OpenID] An alternative OpenID UX
>
> I think you might be confusing Identity 2.0 with Microsoft Passport.
>
> OpenID is not about the RP. It's about the user. It's about the user
> being in control over how their identity is constructed, mixed,
> shared, viewed, copied, mashed, etc. The moment people forget that is
> the moment we start going back to decade old mistakes.
>
> If you are only concerned with having a verified e-mail address, find
> another way to collect that information. E-mail is just an identity
> attribute (and a clumsy, archaic one at that). Don't make the user
> jump through your hoops just to satisfy a data requirement.
>
> =Rabbit
>
> On Apr 14, 2009, at 1:26 AM, Santosh Rajan wrote:
>
> >
> > You can't
> >
> >
> > Chris Messina wrote:
> >>
> >> I'm a little confused by the UI.
> >> What if I want to use my own self-provided OpenID?
> >>
> >> Chris
> >>
> >> On Mon, Apr 13, 2009 at 8:44 PM, Santosh Rajan <santrajan at gmail.com>
> >> wrote:
> >>
> >>>
> >>> PS:
> >>> It also sets a cookie so that the next time on it will show you your
> >>> selected Account in the button.
> >>>
> >>>
> >>> Santosh Rajan wrote:
> >>>>
> >>>> I am working on an OpenID UX with the following objectives.
> >>>> 1) Make it as simple as possible for the user under the
> >>>> circumstances.
> >>>> 2) RP's don't have to bother about authentication and verification. They
> >>>> get an authenticated user with a verified email address.
> >>>>
> >>>> You can see it here
> >>>> http://myfeeds.myofiz.com
> >>>>
> >>>> I would like to add more OP's to this. But I am not sure if they provide a
> >>>> verified email address.
> >>>>
> >>>> Your comments and feedback will be useful.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>> --
> >>> View this message in context:
> >>> http://www.nabble.com/An-alternative-OpenID-UX-tp23032699p23032765.html
> >>> Sent from the OpenID - General mailing list archive at Nabble.com.
> >>>
> >>> _______________________________________________
> >>> general mailing list
> >>> general at openid.net
> >>> http://openid.net/mailman/listinfo/general
> >>>
> >>
> >>
> >>
> >> --
> >> Chris Messina
> >> Citizen-Participant &
> >> Open Web Advocate
> >>
> >> factoryjoe.com // diso-project.org // vidoop.com
> >> This email is:   [ ] bloggable    [X] ask first   [ ] private
> >>
> >>
> >
> > --
> > View this message in context: http://www.nabble.com/An-alternative-OpenID-UX-tp23032699p23033453.html
> > Sent from the OpenID - General mailing list archive at Nabble.com.
> >
