Why Connect?
SitG Admin
sysadmin at shadowsinthegarden.com
Tue May 25 15:34:34 UTC 2010
>You know what's not good for adoption? Having to go to 20 different
>developer portals. Trying to figure out how to create an OAuth
>application in 20 different ways. Verifying your domain in 20
>different ways. Agreeing to 20 different terms of service.
I think the last could be addressed by giving both parties a
standardized way of automatically exchanging ToS points for
agree/reject testing.
>I know that the OpenID Connect proposal mentions an association step,
>but if all the major providers wind up requiring preregistration, it
>is a moot point. My gut is that using OAuth as the base will be very
>good for a few players, and bad for identity on the whole.
This sounds about right to me. Giving them the power to break
internet identity at large by suddenly shutting everyone else out may
seem like a good short-term plan, but it's far too risky to assume
that their motivations will not change in the future. OpenID needs to
be a protocol that is *not* vulnerable to being shut down at any time
by the collaboration of several "major players".
-Shade
More information about the specs
mailing list