RFC: Final outstanding issues with the OpenID 2.0 Authenticationspecification

Recordon, David drecordon at verisign.com
Fri May 18 17:56:14 UTC 2007


Hey Don,
Certainly not alone, though I think what we really need to dig into is
if the spec is actually more complex from a feature perspective or
because it is much more verbose and adds clarity over 1.1.  Splitting
discovery into a separate spec I think will also help in the document
being less intimidating.  This is certainly an important issue though,
OpenID has largely been successful because of how simple OpenID 1.1 +
Yadis + SREG is compared to the value provided.

--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Don MacAskill
Sent: Friday, May 18, 2007 7:49 AM
To: OpenID specs list
Subject: Re: RFC: Final outstanding issues with the OpenID 2.0
Authenticationspecification


Josh Hoyt wrote:
> If these four issues are resolved, can we call the OpenID 2.0 
> Authentication specification done? Speak up if you have any other 
> show-stoppers.
>
> Josh
> 

I hate to speak up last minute, but I was at a few tech conferences in
the past month or two, and spoke with lots of passionate OpenID
proponents.  There was a common thread among our discussions:  "OpenID
2.0 seems to be getting massively more complex without a clear reason to
do so.  One of the best things about OpenID 1.1 is how easy and simple
it is to write for."

My company, SmugMug, is an OpenID provider for hundreds of thousands of
"high value" paying accounts, and will shortly be a consumer as well. 
I'll freely admit that I haven't fully digested 2.0's pre-spec, but at
least part of that reason is it looks like it adds a lot more
complexity.  I can honestly say that if I had seen it as a spec, rather
than 1.1, I would have certainly put off implementation, possibly
indefinitely.

As a relative newcomer to the OpenID community, I realize this may have
been debated endlessly already, and I may just be shouted down.  I'm a
n00b, I get that.  But are we really sure that a much more complex spec
is in the best interests of the community?

Or am I alone here?

Thanks,

Don
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs



More information about the specs mailing list