RFC: Final outstanding issues with the OpenID 2.0 Authentication specification

Don MacAskill don at smugmug.com
Fri May 18 14:48:39 UTC 2007


Josh Hoyt wrote:
> If these four issues are resolved, can we call the OpenID 2.0
> Authentication specification done? Speak up if you have any other
> show-stoppers.
>
> Josh
> 

I hate to speak up last minute, but I was at a few tech conferences in 
the past month or two, and spoke with lots of passionate OpenID 
proponents.  There was a common thread among our discussions:  "OpenID 
2.0 seems to be getting massively more complex without a clear reason to 
do so.  One of the best things about OpenID 1.1 is how easy and simple 
it is to write for."

My company, SmugMug, is an OpenID provider for hundreds of thousands of 
"high value" paying accounts, and will shortly be a consumer as well. 
I'll freely admit that I haven't fully digested 2.0's pre-spec, but at 
least part of that reason is it looks like it adds a lot more 
complexity.  I can honestly say that if I had seen it as a spec, rather 
than 1.1, I would have certainly put off implementation, possibly 
indefinitely.

As a relative newcomer to the OpenID community, I realize this may have 
been debated endlessly already, and I may just be shouted down.  I'm a 
n00b, I get that.  But are we really sure that a much more complex spec 
is in the best interests of the community?

Or am I alone here?

Thanks,

Don



More information about the specs mailing list