OpenID Hybrid v2 Proposal (formerly known OpenID Connect)

Brian Kissel bkissel at janrain.com
Wed May 26 14:48:46 UTC 2010


+1 for having the work done inside the OpenID Foundation.

Cheers,

Brian
___________

Brian Kissel
CEO - JanRain, Inc.
bkissel at janrain.com
Mobile: 503.342.2668 | Fax: 503.296.5502
519 SW 3rd Ave. Suite 600  Portland, OR 97204

Increase registrations, engage users, and grow your brand with RPX.  Learn
more at www.rpxnow.com


-----Original Message-----
From: openid-specs-bounces at lists.openid.net
[mailto:openid-specs-bounces at lists.openid.net] On Behalf Of Eran
Hammer-Lahav
Sent: Wednesday, May 26, 2010 1:22 AM
To: openid-specs at lists.openid.net
Subject: RE: OpenID Hybrid v2 Proposal (formerly known OpenID Connect)

Discussing the name is a distraction. The issue is whether the OpenID
foundation wants to be where identity work is done, or where the OpenID
protocol (and nothing else) is done. Again, the question is very simple:
OAuth is going to have an identity layer (that's a done deal) - do you
want to work on it here under the OpenID foundation or not?

Everything else (like naming, migration path from OpenID 2.0 to OAuth 2.0
identity) is stuff for the WG to figure out.

This is a fundamental question far beyond all this geek talk: what is the
purpose of this community? Where are its boundaries? Is this the hub of
web identity work, or just one tiny piece of it?

I'm happy with any answer.

It would be helpful if people would voice clear opinions on this rather
than going in circles (i.e., start with "I'm for/against doing this work
here, and this is why...").

EHL

> -----Original Message-----
> From: openid-specs-bounces at lists.openid.net [mailto:openid-specs-
> bounces at lists.openid.net] On Behalf Of Martin Atkins
> Sent: Tuesday, May 25, 2010 5:49 PM
> To: openid-specs at lists.openid.net
> Subject: Re: OpenID Hybrid v2 Proposal (formerly known OpenID Connect)
>
> On 05/25/2010 01:56 PM, Allen Tom wrote:
> > Hi All,
> >
> > A better way to look at OpenID Connect is to just think of it as
> > revised version of the OpenID Hybrid. The purpose of the Hybrid WG was
> > to find a way to combine OpenID Authentication with the approval of an
> > Oauth access token into a single request/response.
> >
>
> "OpenID Connect" isn't actually compatible with OpenID at anything but
the
> highest conceptual level.
>
> > Renaming the OpenID Connect WG to be the OpenID Hybrid v2 WG could
> > possibly clarify the goals of the WG, and reduce confusion within the
> community.
> > Afterall - Hybrid is intended for the case where the user's IdP is
> > also the SP, so the Connect proposal is really a revised Hybrid
> > proposal, rather than a proposal for OpenID v.Next
> >
>
> I think this would only make sense if the resulting protocol were
functionally
> equivalent to OpenID. That is to say that I can implement it against my
> existing OpenID infrastructure without doing data migrations, changing
my
> UI, etc.
>
> I think the most important deviation in OpenID Connect is that the
identifier
> is no longer expected to be human-readable; while I completely agree
that
> this is the right design if we're starting over from a clean slate,
that's a
> breaking change for most existing consumer implementations that link to
the
> identifier as the user's "home page" or "profile page".
>
> I still think this thing should be branded with a stronger OAuth
connotation
> than an OpenID connotation, since it's far closer to OAuth than it is to
> OpenID. I didn't really like the OpenID Connect name, but at least it
made it
> sound like this was something new and different; calling it OpenID/OAuth
> Hybrid makes it sound a lot more like a different implementation of the
same
> thing than the radical rethink that OpenID Connect actually represents.
>
> That's my two cents, at least.
>
>
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________
specs mailing list
specs at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs


More information about the specs mailing list