[OpenID] Reconsidering http://openid different from https://openid

Peter Williams pwilliams at rapattoni.com
Sat Sep 22 04:15:49 UTC 2007


 
Let's note that there is nothing in the "concept" of OpenID that is particularly new. It's just WebSSO. It's been around a while in various guises, and various predictions. Here are some old ones:-
 
http://www.internetnews.com/xSP/article.php/3411_1014961. 
http://www.infoworld.com/articles/hn/xml/03/01/07/030107hnliberty2.html?s=IDGNS
 
A little independent (old) commentary on Liberty  (and holds for OpenID) is at
http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci896956,00.html?Offer=5NEWS
 
The whole flow  of OpenID (with validation) is of course identical with that laid out at
http://www.smallnetbuilder.com/content/view/25970/113/1/3/ (!patent warning!)
 
To address a quite high assurance general-merchant network, you see what VISA actually does - to administer its trust domain (and sell affiliate services back to its own members!) at
https://partnernetwork.visa.com/vpn/global/category.do
 
Now where does all that fit if placed on our 0-100 scale, based on the 80/20 rule of getting anything to mass adoption? I'd argue the 100% space for webSSO is divided up something like:-
 
00-20 academic, no auth publishing
20-40 academic publishing with trackback/cookie-grade snooping/id 
40-60 portal/campus (yahoo, LiveID, Internet2 etc)
60-80 merchant shopping/services accounts (e-commerce)
80-85 B2B (tradesecret, copyrights, licensing, billing, proprietary...)
85-90 secure payment (VISANet, ACH, UK-APACS etc)
90-95 Reuters, Lloyds, BigCompany Supply Chain Management, Telco
95-99 military/govt messaging 
99-99.999999 police dossiers/intel (sordid sex and enemy lies)
0.000001 access to national secrets (that are worth a damn after 1 month)
 
OpenID seems to fit 30-50, and perhaps 80-85.
 
SAML fits 90-96. Arguably it also fits 80-85 though OpenID v3 could well compete there, if its costs/uptake is a better deal than the work of the traditional SAML vendor. A lightweight SAML2 could take on OpenID in 40-50 tho.
 
In strange cross-category industries like that servicing a complete Realty transaction, the space cuts across 50-96. Thus, a multi-protocol WebSSO strategy is called for. OpenID, 3dsecure, SAML2


