[OpenID] Exchange could be a strategic error -- if done now rather than later...

Dick Hardt dick at sxip.com
Tue Jan 16 07:18:08 UTC 2007


On 15-Jan-07, at 10:55 PM, Bob Wyman wrote:

> On 1/16/07, Johannes Ernst <jernst+openid.net at netmesh.us> wrote:
> > What about we communicate that "two-tier structure" with respect to
> > OpenID branding ... more clearly?
>
> +1, Yes. Differentiating between the core and the myriad of layered  
> capabilities would make it vastly simpler to clearly communicate  
> what OpenID is all about. We should be very careful to make sure  
> that the "core" is as light, simple, secure, and as easy to  
> implement as possible. Fortunately, it seems to be pretty close to  
> that today.

This is what was done with Perl 5. There was the standard distribution  
that included very popular modules, and then CPAN for innovation to  
flourish. Of course deciding what was in the standard distribution  
was somewhat political. :-)

>
> > the foundation of everything OpenID -- Yadis -- was
> > created for the specific purpose to let everybody
> > plug in whatever services they like to.
>
> Yes, of course. To my way of thinking, there are two essential  
> things that OpenID provides:
>
> - A method for providing site-independent, distributed numerical
>   identity
> - A framework for building a wide variety of layered capabilities
>
> I believe it would be best, when we speak of OpenID, to focus on  
> just these two things. All else should be spoken of as "layered  
> on", "enabled by" or "compatible with" OpenID. Thus, we should NOT  
> have "OpenId Attribute Exchange" rather, we should have "OpenID  
> Layered Attribute Exchange" or "Attribute Exchange enabled by OpenID".

There are numerous use cases where the RP does not want to  
authenticate the user, but wants to get Attributes. Their reason for  
using OpenID is to get information about the user. This is why the  
openid.identity and openid.claimed_id are optional in OpenID  
Authentication. Most of the OpenID Authentication spec is discovery  
and moving a message. The actual request and response of the  
identifier is simple. Similarly, Attribute Exchange is a simple  
extension to OpenID Authentication.

>
> Keep the core of OpenID simple and clean. Otherwise, it will be too  
> hard to talk about this stuff. If this stuff gets too complicated  
> we may have good technology, but we'll lose the marketing war.  
> Let's not let this become like WS* which could have been very  
> simple, yet became comically complicated before anyone even had a  
> chance to begin implementing it.

Bob, just curious, have you looked at Attribute Exchange? OpenID AX  
is 35K of HTML with lots of formatting tags, and you can read it in a  
few minutes.

	http://openid.net/specs/openid-attribute-exchange-1_0-04.html

We have implemented the draft in the Java libraries we have at

	http://code.sxip.com/openid4java/

