RFC: Final outstanding issues with the OpenID 2.0 Authentication specification
Don MacAskill
don at smugmug.com
Fri May 18 14:48:39 UTC 2007
Josh Hoyt wrote:
> If these four issues are resolved, can we call the OpenID 2.0
> Authentication specification done? Speak up if you have any other
> show-stoppers.
>
> Josh
>
I hate to speak up last minute, but I was at a few tech conferences in
the past month or two, and spoke with lots of passionate OpenID
proponents. There was a common thread among our discussions: "OpenID
2.0 seems to be getting massively more complex without a clear reason to
do so. One of the best things about OpenID 1.1 is how easy and simple
it is to write for."
My company, SmugMug, is an OpenID provider for hundreds of thousands of
"high value" paying accounts, and will shortly be a consumer as well.
I'll freely admit that I haven't fully digested 2.0's pre-spec, but at
least part of that reason is it looks like it adds a lot more
complexity. I can honestly say that if I had seen it as a spec, rather
than 1.1, I would have certainly put off implementation, possibly
indefinitely.
As a relative newcomer to the OpenID community, I realize this may have
been debated endlessly already, and I may just be shouted down. I'm a
n00b, I get that. But are we really sure that a much more complex spec
is in the best interests of the community?
Or am I alone here?
Thanks,
Don
More information about the specs
mailing list