[OpenID] Exchange could be a strategic error -- if done now rather than later...

Dick Hardt dick at sxip.com
Tue Jan 16 07:18:08 UTC 2007

On 15-Jan-07, at 10:55 PM, Bob Wyman wrote:

> On 1/16/07, Johannes Ernst <jernst+openid.net at netmesh.us> wrote:
> > What about we communicate that "two-tier structure" with respect to
> > OpenID branding ... more clearly?
> +1, Yes. Differentiating between the core and the myriad of layered  
> capabilities would be make it vastly simpler to clearly communicate  
> what OpenID is all about. We should be very careful to make sure  
> that the "core" is as light, simple, secure, and as easy to  
> implement as possible. Fortunately, it seems to be pretty close to  
> that today.

This what was done with Perl 5. There was the standard distribution  
that included very popular modules, and then CPAN for innovation to  
flourish. Of course deciding what was in the standard distribution  
was somewhat political. :-)

> > the foundation of everything OpenID -- Yadis -- was
> > created for the specific purpose to let everybody
> > plug in whatever services they like to.
> Yes, of course. To my way of thinking, there are two essential  
> things that OpenID provides:
> A method for providing site-independent, distributed numerical  
> identity
> A framework for building a wide variety of layered capabilities
> I believe it would be best, when we speak of OpenID, to focus on  
> just these two things. All else should be spoken of as "layered  
> on", "enabled by" or "compatible with" OpenID. Thus, we should NOT  
> have "OpenId Attribute Exchange" rather, we should have "OpenID  
> Layered Attribute Exchange" or "Attribute Exchange enabled by OpenID".

There are numerous use cases where the RP does not want to  
authenticate the user, but wants to get Attributes. Their reason for  
using OpenID is to get information about  the user. This is why the  
openid.identity and openid.claimed_id are optional in OpenID  
Authentication. Most of the OpenID Authentication spec is discovery  
and moving a message. The actual request and response of the the  
identifier is simple. Similarly, Attribute Exchange is a simple  
extension to OpenID Authentication.

> Keep the core of OpenID simple and clean. Otherwise, it will be too  
> hard to talk about this stuff. If this stuff gets too complicated  
> we may have good technology, but we'll lose the marketing war.  
> Let's not let this become like WS* which could have been very  
> simple, yet became comically complicated before anyone even had a  
> chance to begin implementing it.

Bob, just curious, have you looked at Attribute Exchange? OpenID AX  
is 35K of HTML with lots of formatting tags, and you can read it in a  
few minutes.


We have implemented the draft in the Java libraries we have at


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070115/dcc8eaec/attachment-0002.htm>

More information about the general mailing list