[OpenID] Rule of thumb

Peter Williams pwilliams at rapattoni.com
Thu Jul 12 18:10:26 UTC 2007


I find the implied concept in your email fascinating.
 
Let's get back to use cases, therefore.
 
In realty, we have certain mega-RPs. Even though realtors' membership is managed by a local association, and their listings and identities are managed by region-wide MLSs, half the entire national community also independently procure a web-subscription for a forms package from a certain vendor. Those forms use a schema-driven engine, so the form contents are delivered according to the rules and regs of each town - given each city's business and zoning regulations always impact the delivery of $500k real estate transfers ... in one way or another.
 
That mega-RP is willing to take WebSSO requests from the collection of association/MLS acting as a fully distributed membership/IDP federation doing webSSO. Everyone wins, given there are lots of vendors, lots of competition, lots of alternatives to fall back on, and lots of ways of spinning quite real convenience and benefits.
 
Now, if this was a SAML list, I'd be architecting that mega-RP NOT so it became an IDP, but that it became a SAML "affiliation point" for minor-RPs.
 
The point is this. The fact that the biggest national vendor has accepted your fully-decentralized OpenID (acting as just a relying party) allows it to play a role benefiting second-generation relying parties - who say....well he relied: I'm going to rely on the fact that he relied. And, that's what the affiliation model provides for me in the SAML world.
 
Now, how can we do this with OpenID?
 
The klutzy way is to make that mega-RP into a mega-IDP, upsetting the balance of power and creating a centralized monster.  That prospect will cause a political backlash, similar to the counter-current which killed-off voluntary PKI adoption.

________________________________

From: John Wang [mailto:jwanggroups at gmail.com]
Sent: Thu 7/12/2007 10:53 AM
To: Simon Willison
Cc: Peter Williams; general at openid.net
Subject: Re: [OpenID] Rule of thumb


On 7/12/07, Simon Willison <simon at simonwillison.net> wrote: 

	On 7/12/07, Peter Williams <pwilliams at rapattoni.com> wrote:
	> I keep reading over and over again that only end-users (i.e. the
	> students) select their OP; and can migrate it to various providers, at 
	> their whim. Or, register it with several providers -- in OpenID2.
	>
	> Isn't the concept of OpenID (user-centric id) contradictory with the
	> notion that one has an "institutionally-provided OpenID"? 
	
	I don't think so at all, for a bunch of reasons


I can see many larger RPs issuing their own institutional-provided OpenIDs, especially when they have some in-person verification in place already. 

I don't see a contradiction with having a few 



-- 
John Wang
http://www.dev411.com/blog/ 


