[OpenID] Rule of thumb
Peter Williams
pwilliams at rapattoni.com
Sat Jul 14 00:33:27 UTC 2007
Also CAcert has nothing - I repeat NOTHING - to do with "Open Source" whatsoever, but CAcert is a community operated web-of-trust scheme.
--------------------
This got me thinking, all afternoon. Open Source means folks writing software, one might infer. So, why did I feel right to use the term?
In my view, Open Source means writing legal agreements (a form of software). Use of community property begets certain obligations.
Open Source means writing federation policies. Use of community property begets certain obligations.
Open Source means developing/writing certification practice statements? Use of community property begets…
It’s a state of mind, surely: not merely the ability to be a god of Unix device drivers.
If OpenID - as a vendor-led community – is heading for the fully de-centralized infrastructure vision that is implied by its technological potential, OpenID folk and CAcert folk should actually get on fine – old PKI wars about browsers and certs, aside.
If OpenID infrastructure turns out to emulate in its default trust models that used when delivering https in webland today (or more viciously, vendor clubs rig the infrastructure with lobbying funds so it adopts the “mega-TTP model”), CAcert folks will be in exactly the same position with OpenID as they are with the vendors of browsers for the public: outcast.
This has been actually been an excellent use case analysis. Organized realty has folks with actual, analogous approach to trust management as that being investigated by the CAcert community in PKI. Like such people or despise their view on life, they are present and entirely valuable participants in the Realty world – at least. We will love you, if no-one else will! Folks may not realize it, but 1.3 million Realtors are amongst the world’s best social networkers. Each individual’s commission check at the end of the next month depends solely on that exhibiting that skill. At the same time, each Realtor is in competition with the one up the road, as are broker offices, and as our towns vying for deals in that suddenly interesting parcel of land that was desert, 30 years ago. So, lots of interesting, local-community-driven trust practices have evolved over the last 30+ years of online brokering.
Mental note to self: OpenID, at least when applied to de-centralized realty’s private management domain, has to show it can adopt, extend and live happily with a CAcert approach to trust management (as well as other means, such as assurances-based evaluation). After all, SAML2 had no problem; and is functionally identical to OpenID. If OpenID in practice comes overly loaded with a preset set of ideas about how Realty shall orchestrate trust management, it might well not be suitable for adoption. But, finding this out is exactly why I’m here, and why several of us are reaching out to OpenIDers!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070713/724b2614/attachment-0001.htm>
More information about the general
mailing list