OpenID Hybrid v2 Proposal (formerly known as OpenID Connect)

Allen Tom atom at yahoo-inc.com
Wed May 26 02:09:25 UTC 2010




On 5/25/10 6:25 PM, "Martin Atkins" <mart at degeneration.co.uk> wrote:

>
> 
> OpenID Connect changes are a lot more pronounced:
>   * The thing I want the user to enter is no longer an OpenID identifier
> but rather a provider domain.

I am a little biased towards my own service, but I don't think this is an
issue for Yahoo.


>   * The thing that comes back is no longer a URL for a human-readable
> page but rather the URL for a machine-readable resource that may or may
> not link to a human-readable page.

Again, speaking for the Yahoo OP, the OpenID identifier URL that we return
is generally not meant for human consumption. 99.9+% of all Yahoo OpenIDs
are machine generated and do not contain any content on the page referenced
by the URL.

We do have an exception for Flickr OpenID URLs though - since they are human
readable and they reference the user's Flickr photostream.

>   * None of the identifier data I already have for users will be valid
> in Connect, so I must implement yet another "migrate your account" flow
> in addition to the flow I already had to allow a user to attach an
> OpenID identifier to a username/password-based account.
> 

Again, the Yahoo case - I would expect that the data and services exposed
via Connect would be identical to what we currently offer via Hybrid. (That
also raises an interesting question as to why implementors who have already
heavily invested in OpenID 2.0 would want to re-implement everything -
without offering any new features.)


> If the resulting spec has an upgrade path built into it then I'm
> slightly less concerned, but it still feels a little weird to call it
> "OpenID/OAuth Hybrid" when the result is not conceptually compatible
> with OpenID and requires pretty significant changes to deployed
> infrastructure.
>

At least for existing implementers of OpenID Hybrid, the OpenID Connect
proposal implements exactly the same features, and shares exactly the same
data. The only difference is that the user's identifier might be different
(or it might be the same).

Allen


