[OpenID board] Why Connect?

David Recordon recordond at gmail.com
Tue May 25 17:13:00 UTC 2010


Agreed. http://openidconnect.com/#associations


On Tue, May 25, 2010 at 11:11 AM, Monroe, Grant <grant at janrain.com> wrote:

> As long as the technology supports dynamic associations, and
> preregistration isn't the status quo for authentication, I'll be
> happy. I think that these basic facts have allowed OpenID to be even
> remotely successful.
> -- Grant
>
> On Tue, May 25, 2010 at 10:00 AM, David Recordon <recordond at gmail.com>
> wrote:
> > Grant, I don't disagree with you. I have however seen this sort of
> > whitelisting requirement from both the provider (i.e. AOL initially) and
> > consumer (i.e. Federal Government) sides. OpenID 1.0 and 2.0 allowed them
> to
> > do this. As Eran said, it's really not about the technology but rather
> > trust, liability, and policy. I also believe that most large providers
> will
> > support dynamic associations for accessing at least basic information and
> > others will not have any form of preregistration at all.
> > --David
> >
> > On Tue, May 25, 2010 at 10:35 AM, Eran Hammer-Lahav <eran at hueniverse.com
> >
> > wrote:
> >>
> >> It isn't much different from white listing providers, or using buttons
> >> instead of an input box as is common today. Reality is that until we
> solve
> >> the legal issues around trust and liability, the technical solution
> doesn't
> >> matter. Standard machine readable TOS is just the first step. Figuring
> out
> >> the issue of liability is a much bigger issue which is key to any
> meaningful
> >> OpenID adoption.
> >>
> >> I view the OpenID Connect proposal as a to-do list for the OAuth
> community
> >> to fill in the missing pieces. For example, OAuth needs to support
> endpoint
> >> discovery, unregistered clients, basic immediate mode and username
> support,
> >> and request and response signatures with either symmetric or asymmetric
> >> secrets. These are all *OAuth* elements that should be standardized by
> the
> >> OAuth community in the IETF.
> >>
> >> However, putting these components together for a coherent identity
> >> framework is what I expect from the OpenID community. It will probably
> mean
> >> that the OpenID WG will need to work closely with the OAuth WG and
> provide
> >> feedback and requirements. But at the end, someone will need to write a
> spec
> >> that puts this all together and that should be the OpenID foundation,
> even
> >> if this spec is not much more than glue.
> >>
> >> EHL
> >>
> >> > -----Original Message-----
> >> > From: openid-specs-bounces at lists.openid.net [mailto:openid-specs-
> >> > bounces at lists.openid.net] On Behalf Of Monroe, Grant
> >> > Sent: Tuesday, May 25, 2010 5:36 AM
> >> > To: David Recordon
> >> > Cc: Joseph Smarr; OpenID Board (public);
> openid-specs at lists.openid.net
> >> > Subject: Re: Why Connect?
> >> >
> >> > > Eran Hammer-Lahav (with a +1 from Chuck Mortimore):
> >> > >>
> >> > >> My guess is that an OAuth identity layer will not be a good thing
> for
> >> > >> OpenID adoption. OAuth providers will get it for free.
> >> >
> >> > You know what's not good for adoption? Having to go to 20 different
> >> > developer portals. Trying to figure out how to create an OAuth
> >> > application in
> >> > 20 different ways. Verifying your domain in 20 different ways.
> Agreeing
> >> > to 20
> >> > different terms of service.
> >> >
> >> > I know that the OpenID Connect proposal mentions an association step,
> >> > but
> >> > if all the major providers wind up requiring preregistration, it is a
> >> > moot point.
> >> > My gut is that using OAuth as the base will be very good for a few
> >> > players,
> >> > and bad for identity on the whole.
> >> >
> >> > --
> >> > Grant Monroe
> >> > JanRain, Inc.
> >> > _______________________________________________
> >> > specs mailing list
> >> > specs at lists.openid.net
> >> > http://lists.openid.net/mailman/listinfo/openid-specs
> >> _______________________________________________
> >> specs mailing list
> >> specs at lists.openid.net
> >> http://lists.openid.net/mailman/listinfo/openid-specs
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20100525/f718c698/attachment.html>


More information about the board mailing list