[OpenID board] Why Connect?
Nat
sakimura at gmail.com
Tue May 25 08:08:58 UTC 2010
I suppose v.Next at least tries to preserve some OpenID properties
such as verified identifiers, at least as an attribute.
=nat @ Mountain View via iPhone
On 2010/05/25, at 14:04, Brian Kissel <bkissel at janrain.com> wrote:
> I won't purport to know the answer to some of the tough questions
> we're wrestling with here, but do agree with Eran that whatever we
> do should be "market driven." To that end, what I'd really like to
> hear is from existing and prospective RPs who are following this
> list. We’ve had plenty of input from OPs and technologists. If we
> don't have enough input from RPs on this list, how do we get it? I’
> ve seen a post or two on this thread recently saying that we’ve evol
> ved beyond the point where a few folks can say “we know what’s
> best for the market” and others will follow. I agree with that sent
> iment, we need broader involvement and feedback, not necessarily on
> the specifications, but on the MRDs and PRDs that should be the prec
> ursors to our specifications work.
>
>
>
> I spoke with Daniel Jacobson of NPR today who is the chairman of the
> Adoption Committee, and a prospective RP, and asked him to provide
> his input to this discussion – which he will be doing shortly. I've
> also asked Rob Harles of Sears and Marc Frons of the NY Times, both
> OIDF board members, to provide input. At Janrain we're talking to e
> xisting and prospective RPs every day. While each have some unique
> requirements, many have similar objectives and concerns. Here's my
> take so far, but would really like to hear from other existing and p
> rospective RPs across a range of applications: social web, enterpris
> e, ecommerce, government, news & media, etc.
>
>
>
> · They want something that is backward and forward compatibl
> e if possible. Ripping and replacing core technologies is painful.
> If we’re going to make changes that break backwards compatibility (
> which it sounds like both OpenID V.Next and OpenID Connect have the
> potential of doing), let’s make sure that the new platform is extens
> ible enough to support future expected use cases and expanded functi
> onality – richer industry/application specific data, security enhanc
> ements, commerce enhancements, reputation management, multiple platf
> orms (PC, mobile, game consoles, etc.) If we do end up having to br
> eak backward compatibility, let’s make sure we have a clear and cons
> istent migration path that’s as seamless as possible for existing RP
> s. This doesn’t mean that the baseline lowest common denominator pl
> atform should be complex and difficult to deploy (to the contrary),
> but it should support extensions and enhancements that enable broade
> r used cases than the lowest common denominator.
>
> · They want a clear message on how all the related technolog
> ies can and should work together: OpenID, OAuth, SREG, AX, Portable
> Contacts, Activity Streams, Open Social, Artifact Binding, Contract
> Exchange, Discovery, UX Extension, etc. – both functionality and tim
> ing (roadmap).
>
> · They want something that is easy to deploy and maintain, a
> nd intuitive and compelling for end users. They can accept that for
> advanced features, additional effort and complexity will likely be
> involved.
>
> · They would like to see OPs behave in a consistent and pred
> ictable way as they evolve and enhance their services. If OPs behav
> e erratically and without clear and timely communications, it’s hard
> er to buy into the ecosystem.
>
>
>
> I hope I’ve accurately captured some of the feedback we’ve been
> hearing and if not I trust that the RPs that are monitoring this lis
> t will provide their feedback and recommendations.
>
>
>
> I’d encourage each of us who is monitoring this list to invite more
> RPs (existing and prospective) to the discussion.
>
>
>
> Cheers,
>
>
> Brian
>
> ___________
>
>
>
> Brian Kissel
>
> CEO - JanRain, Inc.
>
> bkissel at janrain.com
>
> Mobile: 503.342.2668 | Fax: 503.296.5502
>
> 519 SW 3rd Ave. Suite 600 Portland, OR 97204
>
>
>
> Increase registrations, engage users, and grow your brand with RPX.
> Learn more at www.rpxnow.com
>
>
>
> -----Original Message-----
> From: openid-specs-bounces at lists.openid.net [mailto:openid-specs-
> bounces at lists.openid.net] On Behalf Of Eran Hammer-Lahav
> Sent: Monday, May 24, 2010 7:01 PM
> To: Dick Hardt
> Cc: Joseph Smarr; OpenID Board (public); openid-specs at lists.openid.net
> Subject: RE: [OpenID board] Why Connect?
>
>
>
>
>
>
>
> > -----Original Message-----
>
> > From: Dick Hardt [mailto:dick.hardt at gmail.com]
>
> > Sent: Monday, May 24, 2010 6:20 PM
>
> > To: Eran Hammer-Lahav
>
> > Cc: Allen Tom; David Recordon; Joseph Smarr; OpenID Board (public);
>
> > openid-specs at lists.openid.net
>
> > Subject: Re: [OpenID board] Why Connect?
>
> >
>
> >
>
> > On 2010-05-24, at 6:08 PM, Eran Hammer-Lahav wrote:
>
> >
>
> > > The question is:
>
> > >
>
> > > Is the OIDF interested in taking the lead in building an
> identity layer for
>
> > OAuth 2.0?
>
> > >
>
> > > I'm willing to bet that if the answer is no, it will be the
> beginning of the end
>
> > for OpenID. OAuth 2.0 + identity will fully cover the OpenID 2.0
> use cases in a
>
> > cleaner, more secure way.
>
> >
>
> > OpenID Connect as currently envisioned misses many of the internet
> identity
>
> > use cases.
>
>
>
> And covers most of the ones desired by those currently implementing
> OpenID. For those using OpenID 2.0 today, this proposal offers a
> full and significantly better replacement. This proposal is 100%
> market-driven, which is not something I can say about OpenID now or
> in the past. This proposal is driven by developers, providers, and
> end users.
>
>
>
> > >
>
> > > This is very much an issue of timing. If the problem is the
> name, call it the
>
> > "OAuth Identity Framework",
>
> >
>
> > OpenID Connect has very little to do with OpenID, and lots to do
> with OAuth.
>
> > That sounds like a better name.
>
>
>
> True if you define OpenID as nothing but a protocol. But if that is
> your definition, I think OpenID best days are behind it. People
> don't care about protocols, they care about products. I think it
> would be a mistake for the OpenID foundation to let OAuth take over
> such a huge chunk of the current OpenID use cases.
>
>
>
> > > leaving OpenID to be whatever the v.next WG decides it will be a
> year or
>
> > two from now.
>
> >
>
> > That sounds like a challenge I am will to take on. :)
>
>
>
> Well, that's something the foundation will have to figure out. All I
> can do is offer my perspective.
>
>
>
> EHL
>
> _______________________________________________
>
> specs mailing list
>
> specs at lists.openid.net
>
> http://lists.openid.net/mailman/listinfo/openid-specs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20100525/de096eda/attachment-0001.html>
More information about the board
mailing list