OpenID V.Next - Some Views to Consider

Phillip Hallam-Baker hallam at gmail.com
Thu May 13 22:43:00 UTC 2010


Users may not know what they want.

But they sure have told us that they absolutely do not want URIs as
user identifiers. They do not want that any more than they want fire
that can be fitted nasally.

They have also demonstrated a complete lack of interest in XRIs as identifiers.


I am certainly not arguing against these positions as "nobody has ever
tried it, so don't even bother offering". I am arguing against them on
the basis that they were tried against my advice, that the results of
that trial were complete failure in precisely the way that I predicted
and that we should on absolutely no account attempt this experiment
yet again and waste yet more time and the patience of adopters.


On Thu, May 13, 2010 at 6:35 PM, SitG Admin
<sysadmin at shadowsinthegarden.com> wrote:
> I need to borrow your hat for a minute, Peter :)
>
> At 4:00 PM -0400 5/13/10, Phillip Hallam-Baker wrote:
>>
>> For thirty years Internet users have understood their user identifier
>> to be username at domain.
>>
>> I see absolutely zero interest from end users in being identified in
>> any other way. The attempts to provide them with this 'flexibility;
>> are unwanted and unnecessary.
>
> Have you studied marketing much? The ideal of "ask users what they want and
> give it to them" hasn't worked out perfectly, because it turns out users
> don't always *know* what they want - especially when they aren't familiar
> with it yet (think the Aero Chair).
>
> To address your assertion directly, though: you're presenting one side of an
> idealogical argument, from the "status quo" - *of course* such flexibility
> isn't necessary, because the only thing it offers over the necessity of
> maintaining that status quo is change, which would be disruptive. The flip
> side of this argument is that, if OpenID is to idealogically represent the
> user as the centre of their own identity ("user-centric") rather than as a
> wholly owned subsidiary of their patron website ("@domain", naturally
> requiring DNS), then it has the right to help users better understand their
> rights and options.
>
> As an idealogical argument, it works; where it falls flat is in the
> technological arena (ideals against practical reality? really?), and I wish
> you'd present more of those (backward compatibility was an *excellent*
> point) instead of relying so much on the *implicit* perfection of a
> long-entrenched model.
>
> I repeat: you made a *compelling* technical argument. It's just that "nobody
> has ever tried it, so don't even bother offering" detracts from what you're
> saying.
>
> I will make one observation - those earlier criticisms of OpenID that it's
> no better than the many past (failed) attempts? If we strive to provide
> nothing more than those other tries did, OpenID really *will* be no
> different from them.
>
>> The only new mechanism is part 3
>
> What version of the charter's draft are you looking at? I don't see:
>
>> 2) The resolution protocol for the domain part of the user identifier
>> is totally independent of any application protocol, including HTTP, it
>> uses DNS and only DNS to resolve the DNS name.
>
> I don't see this mentioned *anywhere*. Has there been an update?
>
> -Shade takes off Peter's hat and hands it back
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>



-- 
Website: http://hallambaker.com/


More information about the specs mailing list