[Marketing] OpenID Connect

Miles Carroll miles at chocolateconsulting.co.uk
Tue Jan 5 19:57:46 UTC 2010


Hi

As a commercial person, I have been looking at OpenID for 18 months,  
trying to figure out a way to extract commercial value from this great  
tech. So I agree the product side needs work.

I am trying to figure out how to use OpenID in cardholder not present  
card (CNP) transactions. Only about 25% of card transactions are 3D  
secure and the rest rely on the Address Verification Service (AVS) the  
challenge being that 90% of the address data is free typed into the  
shopping carts, so the formatting fails AVS. If we could normalise the  
address format and get some data quality over the Open ID we could use  
the data to power safer payments. My business processes around 200M  
card transactions a year.

Any ideas from a tech and product perspective how to join it up?

Regards

Miles Carroll
Managing Director
Universal Payment Gateway plc

+44 (0)1827 265005. Switchboard
+44 (0)1827 265006. Fax
www.upg.co.uk

Sent by iPhone


On 5 Jan 2010, at 07:35, David Recordon <recordond at gmail.com> wrote:

> +1, we need to make this a reality this year.
>
> On Mon, Jan 4, 2010 at 10:13 PM, Chris Messina <chris.messina at gmail.com 
> > wrote:
> Indeed, and thanks for both of your comments.
>
> I think David needs to flesh out how exactly he might rewrite OpenID  
> on top of OAuth WRAP, or OAuth 2.0, or OpenID v.Next... whatever we  
> call it, I think that the next generation of a "product" that our  
> community produces needs to have some level of parity with other  
> *connect-style APIs, which David previously outlined [1] as including:
>
> * profile
> * relationships
> * content
> * activities
>
> If the OpenID community fails to provide a meaningful and clear way  
> to exchange these kinds of data — in a way that is as simple and com 
> pelling to implement as Facebook or Twitter Connect, I think we're g 
> oing to have a very hard time getting our collective mojo back. That 
>  said, I have high confidence that we will meet that need.
>
> I also want to point out that I purposefully sent this message to  
> the marketing list, since OpenID Connect is something dreamed up as  
> a productization of the "open stack" — which is really more like "Ha 
> ilstorm" — an internal token for us to refer to a quasi-official col 
> lection of technologies known to [hand wavingly] work well together.
>
> While the bits have to add up here, that's not entirely what I'm  
> aiming OIC at (see what I did there?). Instead, OpenID Connect is  
> the name for a marketing vehicle that will enable us to take the  
> existing OpenID brand and extend it to cover things that site  
> creators and developers care about — going beyond just identity, and 
>  into the good stuff that make people want to build apps.
>
> I also think that, from a community maturation process perspective,  
> OpenID and OAuth have come to a point where they need to become more  
> closely aligned — and Dave's retelling of "identity as just another  
> attribute" helps me finally get it.
>
> Over time, we will evolve what OpenID and what OpenID Connect mean,  
> and find a place for OAuth and OAuth WRAP within the scheme of  
> things. For now, and for us, in 2010, the wider marketplace needs a  
> product that it can wrap its head around, and I think OpenID Connect  
> makes as good as sense as anything else I've heard. ;)
>
> Chris
>
>
> On Mon, Jan 4, 2010 at 7:12 PM, David Recordon <recordond at gmail.com>  
> wrote:
> Hey Dick,
> I could see a path where OpenID bolts discovery onto the front of  
> OAuth WRAP and then OpenID itself becomes a common set of parameters  
> exchanged within the user authorization flow of WRAP.  A consumer  
> could also get a WRAP access token in addition to identity  
> information (you're the one who told me a few years ago that an  
> identifier is just another attribute and not something special).  If  
> it's happening over SSL, a lot of the key exchange stuff goes away.   
> Already today OpenID uses a plain text association when being run  
> over SSL.
>
> --David
>
>
> On Mon, Jan 4, 2010 at 7:07 PM, Dick Hardt <dick.hardt at gmail.com>  
> wrote:
> Good article Chris, I commented on your blog, but bringing the  
> discussion here ..
>
> I agree that OpenID needs some serious product management. I like  
> the OpenID Connect label -> much better then the Open Stack.
>
> Technically, speaking as an author of OAuth WRAP, making OpenID an  
> OAuth WRAP Profile does not make sense. I do think that an OpenID v  
> Next would be very complementary to OAuth WRAP.
>
> One of the problems OpenID solves that WRAP does not is discovery  
> and key exchange. I would say that is most of the what OpenID does.
>
> Great to see the discussion pick up, it is going to be a very  
> interesting year!
>
> On 2010-01-04, at 4:05 PM, Chris Messina wrote:
>
>> Just wrote a post outlining my thoughts outlining a concept I  
>> called "OpenID Connect":
>>
>> http://factoryjoe.com/blog/2010/01/04/openid-connect/
>>
>> Interested in thoughts and feedback, and happy to expand the idea  
>> further.
>>
>> Chris
>>
>> -- 
>> Chris Messina
>> Open Web Advocate
>>
>> Personal: http://factoryjoe.com
>> Follow me on Twitter: http://twitter.com/chrismessina
>>
>> Citizen Agency: http://citizenagency.com
>> Diso Project: http://diso-project.org
>> OpenID Foundation: http://openid.net
>>
>> This email is:   [X] shareable    [ ] ask first   [ ] private
>> _______________________________________________
>> marketing mailing list
>> marketing at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-marketing
>
>
> _______________________________________________
> marketing mailing list
> marketing at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-marketing
>
>
>
> _______________________________________________
> marketing mailing list
> marketing at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-marketing
>
>
>
>
> -- 
> Chris Messina
> Open Web Advocate
>
> Personal: http://factoryjoe.com
> Follow me on Twitter: http://twitter.com/chrismessina
>
> Citizen Agency: http://citizenagency.com
> Diso Project: http://diso-project.org
> OpenID Foundation: http://openid.net
>
> This email is:   [ ] shareable    [X] ask first   [ ] private
>
> _______________________________________________
> marketing mailing list
> marketing at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-marketing
>
>
> _______________________________________________
> marketing mailing list
> marketing at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-marketing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-marketing/attachments/20100105/8cf31a0b/attachment.htm>


More information about the marketing mailing list