[OpenID] Reconsideringhttp://openiddifferent from https://openid

Dave Kearns dkearns at gmail.com
Sat Sep 22 04:27:21 UTC 2007 

I've absolutely no idea what you're talking about here. SSO is not in any
way a vertical market nor a walled garden. It's raison d'etre is, in fact,
to do away with those concepts.

-dave

> -----Original Message-----
> From: Peter Williams [mailto:pwilliams at rapattoni.com]
> Sent: Friday, September 21, 2007 9:16 PM
> To: Dave Kearns; OpenID List
> Subject: RE: [OpenID] Reconsideringhttp://openiddifferent from
> https://openid
>
>
>
> Lets note that there is nothing in the "concept" of OpenID that
> is particularly new. Its just WebSSO. Its been around a while in
> varous guises, and various predictions. Here are some old ones:-
>
> http://www.internetnews.com/xSP/article.php/3411_1014961.
> http://www.infoworld.com/articles/hn/xml/03/01/07/030107hnliberty2
> .html?s=IDGNS
>
> A little independent (old) commentary on Liberty  (and holds for
> OpenID) is at
> http://searchwebservices.techtarget.com/originalContent/0,289142,s
> id26_gci896956,00.html?Offer=5NEWS
>
> The whole flow  of OpenID (with validation) is of course
> identical with that laid out at
> http://www.smallnetbuilder.com/content/view/25970/113/1/3/
> (!patent warning!)
>
> To address a quite high assurance general-merchant network, you
> see what VISA actually does - to administer its trust domain (and
> sell affiliate services back to its own members!) at
> https://partnernetwork.visa.com/vpn/global/category.do
>
> Now where does all that fit if placed on our 0-100 scale, based
> on the 80/20 rule of getting anything to mass adoption?. I'd
> argue the 100% space for webSSO is divided up something like:-
>
> 00-20 academic, no auth publishing
> 20-40 academic publishing with trackback/cookie-grade snooping/id
> 40-60 portal/campus (yahoo, LiveID, Internet2 etc)
> 60-80 merchant shopping/services accounts (e-commerce)
> 80-85 B2B (tradesecret, copyrights, licensing, billing, proprietary...)
> 85-90 secure payment (VISANet, ACH, UK-APACS etc)
> 90-95 Reuters, Lloyds, BiigCompany Supply Chain Management, Telco
> 95-99 military/govt messaging
> 99-99.999999 police dossiers/intel (sordid sex and enemy lies)
> 0.000001 access to national secrets (that are worth a damn after 1 month)
>
> OpenID seems to fit 30-50, and perhaps 80-85.
>
> SAML fits 90-96. Arguably it also fits 80-85 though OpenID v3
> could well compete there, if its costs/uptake is a better deal
> than the work of the traditional SAML vendor. A lightweight SAML2
> could take on OpenID in 40-50 tho.
>
> In strange cross-category industries likethat servicing a
> complete Realty transaction, the space cuts across 50-96. Thus, a
> multi-protocol WebSSO strategy is called for. OpenID, 3dsecure, SAML2

More information about the general mailing list