Enterprise Concerns

[Dick Hardt]

On 29-May-07, at 11:20 PM, Johannes Ernst wrote:

> Amen. Great list.
>
> I would add one more: let's focus single-mindedly on things that we  
> actually know are demanded by the market without which adoption  
> does not occur, instead of growing the amount of technology that  
> needs to be implemented into places where ROI (for implementors,  
> deployers, users, ...) is at best uncertain.

That sounds like a good theme Johannes. I have comments using that as  
a metric to James points below:

>
> Okay, I'm exaggerating. But directionally, I don't think I'm wrong  
> -- witness the discussion about the "complexity" of Authentication  
> 2.0 and the perceived relative benefits.
>
>
> On May 29, 2007, at 13:33, McGovern, James F ((HTSC, IT)) wrote:
>
>> Been silently observing many of the email exchanges over the last  
>> couple of weeks and from an end-customer perspective I am somewhat  
>> concerned. Some of the general themes I have observed are:
>>
>> 1. Too much focus on breaking compatibility with OpenID 1.1. While  
>> you have had some success, now is the time to break things. It is  
>> more important to get to the right long term approach earlier in  
>> the lifecycle.

I would agree with this.

>>
>> 2. Too much focus on being unphishable. While this is important  
>> and foward progress should happen, I don't think that this should  
>> be the only focus. I salute Kim Cameron for getting folks off  
>> their butt to solve this problem though.

Being easily phishable is stated barrier to adoption by most major  
portals. It needs to be solved.

>>
>> 3. Publish, publish, publish. Stop iterating and start publishing.  
>> The draft is way overdue and folks will not pay attention to a  
>> specification where velocity of change is occuring this frequently.
>>
>> 4. Tackle and discuss issues head on. I have seen several valid  
>> issues where folks way too easily dismissed the concern stating  
>> cliche phrases such as not in scope, someone else's problem, etc.

Sometimes things are out of scope. More often then not, a proposal is  
put out there and there is radio silence

>>
>> 5. Not soliciting end user feedback. The observation is that there  
>> are lots of folks attempting to create a product around the spec  
>> and are simply iterating in order to be interoperable but haven't  
>> asked themselves is this what buyers of software actually desire.  
>> Many of the features that make this interesting seem to go ignored  
>> (e.g. attestation, authorization, support for XACML, etc)

Not sure what you mean by end user feedback. The implementors? We  
have been getting lots of feedback on that.

Agreed that many of the interesting features that are available with  
attribute exchange tend to get ignored now.

At IIW Josh had a meeting to isolate what was still needing to be  
done to release 2.0. I hope we can keep up the momentum that we built  
there and get this version wrapped up!

-- Dick