[OpenID board] upcoming Google announcement regarding OpenID

Santosh Rajan santrajan at gmail.com
Fri Jul 10 16:46:18 UTC 2009 

I think you are not seeing the real issue here. This is not about Google.
This is about a Company (it could have been anyone), who has a problem to
solve. It so happens we are already working on a solution. It is just that
we can't come up with a solution as fast as they would like it.

So why don't we at least give the Company credit for consulting with us, and
why don't we try to come up with a good, usefull solution for them? 


Will Norris wrote:
> 
> 
> On Jul 9, 2009, at 8:44 PM, Santosh Rajan wrote:
> 
>> Are you kidding? XRI TC hasnt even figured how to sign an XRD  
>> document. XML
>> DSig has been around for 11 years and it cant reliably sign an XML  
>> document?
>> Why don't XRI TC come out with a simple XRD draft as soon as  
>> possible and
>> relieve everyone from all this pain. IS the XRI TC waiting for the  
>> cows to
>> come home?
> 
> 
> You're welcome to track the progress of XRD in the OASIS svn  
> repository[0].  There is only a docbook version there, we don't have  
> the HTML versions in subversion... unfortunately the OASIS document  
> repository requires authentication.
> 
> [0]: http://tools.oasis-open.org/version-control/svn/xri/xrd/1.0/trunk/
> 
> While this is not really the best place to talk about XRD specifics,  
> I'll address your point about signatures to say that XRD is in fact  
> using XML DSig for signing.  More accurately, we're using a  
> constrained profile of DSig using Exclusive Canonicalization that  
> should be much easier to implement than full inclusive c14n.  This is  
> the same approach taken in SAML 2.0.
> 
> One of my personal qualms with Google's recommended discovery  
> extension is that it significantly differs from XRD in this (they are  
> using their own signing method instead of traditional DSig) and other  
> ways , while being strikingly similar in others.  I believe this will  
> lead to unnecessary confusion.  To be clear, my opposition to a  
> foundation endorsement of this is not based on the merits of the  
> proposed protocol (aside from some specific language I've already  
> pointed out)... the XRI TC is the correct place to debate that.   
> Rather, my opposition is based on my belief that widespread adoption  
> of the proposed protocol will confuse, and possibly fragment, the  
> community if XRD does end up being the solution for OpenID discovery  
> in the not-too-distant future.
> 
> 
> On Jul 9, 2009, at 5:10 PM, Eric Sachs wrote:
> 
>> We haven't formally announced it yet :-)  We keep delaying  
>> internally, but
>> at some point we'll have to launch it and I would be surprised if we  
>> can
>> hold off for longer then a few weeks given how many months we have  
>> already
>> delayed.  But when the drafts get finalized, we're hoping to support  
>> it
>> within a small number of days and remove documentation for the
>> proof-of-concept approach.  The partners we have already worked with  
>> have
>> read the warnings in our documentation that we will be switching the
>> discovery mechanism once the standards gets solidified, so they are  
>> prepared
>> to have to make that change on their side.
> 
> This sounds great, it's good to know that you plan on migrating to XRD  
> in a timely fashion when it is ready.  I don't mean to discount the  
> contributions Google has made to the community both in helping to  
> develop and implement these standards.  And if you need to go forward  
> with a temporary solution in the meantime in order to satisfy existing  
> customers, that's perfectly fine.  I understand that Google is free to  
> move forward with whatever is necessary for your business, I'm not  
> suggesting otherwise.  But if the work is being done with specific  
> partners, I'm not sure why that necessitates a public announcement  
> including endorsement from the foundation.  Is it not sufficient to  
> point implementors to the Google document on an individual basis,  
> which is what I would assume you've been doing thus far?  You're  
> absolutely right that a public announcement would likely lead at least  
> some in the community and the press to interpret this move as Google  
> trying to co-opt OpenID.  But I'm not sure that the foundation  
> publicly supporting the move is the right solution to that problem.
> 
> I think my particular horse is pretty well dead enough already, so  
> I'll shut up for now.  I've said my piece... it is of course the  
> board's decision to make.
> 
> -will
> _______________________________________________
> board mailing list
> board at openid.net
> http://openid.net/mailman/listinfo/board
> 
> 


-----

Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com 
-- 
View this message in context: http://www.nabble.com/upcoming-Google-announcement-regarding-OpenID-tp24396556p24431020.html
Sent from the OpenID - Foundation Board mailing list archive at Nabble.com.

More information about the board mailing list