[OpenID] Rule of thumb

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Sat Jul 14 21:13:39 UTC 2007 

Hi Peter,

For me Open Source is about the source, An Open Standard is about the 
standard. GPL is an open source license (for the legal stuff). Policy 
and practice statements have certainly nothing to do with open...

Communities are communities...there are many different kinds of. 
Needless to point out where this comes into play at many of the open 
source projects, but there is open source without a community and there 
are communities without any source.

CAcert is a (not so open) community which runs a web-of-trust; no open 
standard and no open source. And since you touched the word 
"obligations" below, at CAcert there are no obligations. There isn't any 
liability either and if you have worked with volunteers in any/most 
community projects than I'm sure you know where the commitments end...

Perhaps what OpenID is, somebody else knows to define better than me, 
but right now for me it seems to be an open standard. Similar as 
Jabber/XMPP is an open standard. Or many other open standards out there...

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Jabber:      startcom at startcom.org
Phone:       +1.213.341.0390


Peter Williams wrote:
>
> * *
>
>  Also CAcert has nothing - I repeat NOTHING - to do with "Open Source" 
> whatsoever, but CAcert is a community operated web-of-trust scheme.
>
> --------------------
>
>  
>
> This got me thinking, all afternoon. Open Source means folks writing 
> software, one might infer. So, why did I feel right to use the term?
>
>  
>
> In my view, Open Source means writing legal agreements (a form of 
> software). Use of community property begets certain obligations.
>
>  
>
> Open Source means writing federation policies. Use of community 
> property begets certain obligations.
>
>  
>
> Open Source means developing/writing certification practice 
> statements? Use of community property begets…
>
>  
>
> It’s a state of mind, surely: not merely the ability to be a god of 
> Unix device drivers.
>
>  
>
> If OpenID - as a vendor-led community – is heading for the fully 
> de-centralized infrastructure vision that is implied by its 
> technological potential, OpenID folk and CAcert folk should actually 
> get on fine – old PKI wars about browsers and certs, aside.
>
>  
>
> If OpenID infrastructure turns out to emulate in its default trust 
> models that used when delivering https in webland today (or more 
> viciously, vendor clubs rig the infrastructure with lobbying funds so 
> it adopts the  “mega-TTP model”), CAcert folks will be in exactly the 
> same position with OpenID as they are with the vendors of browsers for 
> the public: outcast.
>
>  
>
> This has been actually been an excellent use case analysis. Organized 
> realty has folks with actual, analogous approach to trust management 
> as that being investigated by the CAcert community in PKI. Like such 
> people or despise their view on life, they are present and entirely 
> valuable participants in the Realty world – at least. We will love 
> you, if no-one else will! Folks may not realize it, but 1.3 million 
> Realtors are amongst the world’s best social networkers. Each 
> individual’s commission check at the end of the next month depends 
> solely on that exhibiting that skill. At the same time, each Realtor 
> is in competition with the one up the road, as are broker offices, and 
> as our towns vying for deals in that suddenly interesting parcel of 
> land that was desert, 30 years ago. So, lots of interesting, 
> local-community-driven trust practices have evolved over the last 30+ 
> years of online brokering.
>
>  
>
> Mental note to self: OpenID, at least when applied to de-centralized 
> realty’s private management domain,  has to show it can adopt, extend 
> and live happily with a CAcert approach to trust management (as well 
> as other means, such as assurances-based evaluation). After all, SAML2 
> had no problem; and is functionally identical to OpenID. If OpenID in 
> practice comes overly loaded with a preset set of ideas about how 
> Realty shall orchestrate trust management, it might well not be 
> suitable for adoption. But, finding this out is exactly why I’m here, 
> and why several of us are reaching out to OpenIDers!
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070715/f318932c/attachment-0002.htm>

More information about the general mailing list