[OpenID] Is Ignoring Attribute Exchange a strategic error?
drecordon at verisign.com
Thu Jan 18 22:32:13 UTC 2007
I don't see why the specs@ list can't be used to discuss AX, the volume
has been low for a few weeks now anyway. :)
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Dick Hardt
Sent: Thursday, January 18, 2007 2:14 PM
To: Scott Kveton
Subject: Re: [OpenID] Is Ignoring Attribute Exchange a strategic error?
On 18-Jan-07, at 11:12 AM, Scott Kveton wrote:
>> AX is why Sxip joined OpenID. SSO is nice for sites, but what we have
>> found they really want, and should be clear to the OpenID community
>> since SREG was created, is moving identity attributes.
> I just want to be clear here as I have been in face-to-face meetings
> with folks and I'll say it here on the list; JanRain is totally behind
> attribute exchange and will support it in our libraries and within the
> community. Its going to be critical to the long-term success of
Good to hear you are still behind AX. You had me worried there for a
> My point from the previous email was that if we don't have a
> ubiquitous authentication mechanism, then anything else that follows
> it is moot.
I completely agree, although I view Authentication as just another type
of attribute exchange, but I digress.
>> OpenID does NOT solve phishing, in fact if the OP is not implemented
>> well, it can make phishing easier as pointed out in Kim Cameron's
>> blog .
> Hopefully some of the recent discussions we've been having with
> Mozilla and
> Microsoft can help change that.
Let me clarify my statement:
OpenID Authentication 2.0 does NOT solve phishing, and is solving it
is out of scope.
Although I lobbied for it, there is no explicit support for client
side support of OpenID Authentication 2.0.
This may be just as well, as there can be a separate specification on
this, and the thinking from various parties has advanced as of late.
I do agree that as a community we need to focus on adoption of OpenID
Authentication 2.0, (which should be done with the latest draft) --
but I think many people are looking for AX, and we should get that
out there quickly as well.
As for other specifications, my experience in the Perl community was
things really blossomed when innovation was not constrained to the
"core" . I would like to encourage people to draft and discuss
extensions to OpenID. I think this is working really well for Firefox
As much as I cringe at suggesting this, perhaps starting a new list
for those interesting in working on and participating with extensions
be created so that work on Authentication, AX and phishing can be
focussed? Any other suggestions on keeping focus while allowing
general mailing list
general at openid.net
More information about the general