XAuth critiques

Phillip Hallam-Baker hallam at gmail.com
Tue Jun 8 04:19:04 UTC 2010

As often happens in these debates, we have a proposal that has an
acknowledged issue that we are being told isn't an issue because the
developers don't see it as an issue.

I really take offense when I raise an issue and someone says 'that
does not matter to anyone' or 'that issue has been dealt with'. The
one issue that I have never found it difficult to get the industry to
agree on is the necessity of ensuring that no party gains a
proprietary leverage in a communication protocol.

I don't see how the promise that the issue will be fixed in future
changes anything. Either the centralization is easy to eliminate from
the protocol or it isn't. And if it is easy to eliminate then why
introduce it in the first place?

The starting point for identity in my view is that I have to entirely
own my name. There cannot be any entity that can use the investment I
make in my name to extract rent at a future date. No corporation, no
not-for-profit, no non-profit, no industry group. Nothing.

The reason I tolerate DNS is that the operation of the DNS does not
depend on a single entity, regardless of what ICANN might try to get
you to believe, because ICANN does not have control over the country
code domains. Some of the country code domains still refuse to pay the
scutage demanded by ICANN for inclusion in the root.

ICANN is tolerable because the various components are sufficiently
independent and sufficiently loosely bound that if push comes to shove
and ICANN were to attempt to defect, the entire stack of cards would
collapse. The root would fracture. That is not a property that any of
the proposed alternatives have.

The names that the users want to use are username@domain.name

There is no need for any discovery infrastructure other than the DNS
to resolve such names and no application discovery infrastructure
offers the same technical capabilities such as failover through SRV
records as the DNS does.

But we keep coming back to this model because driving traffic through
a central node creates business models for the party controlling that
node that the VC community thinks they understand.
