[OpenID] Supporting OpenID

Peter Williams pwilliams at rapattoni.com
Sat Apr 12 18:23:51 UTC 2008


Hubert: 

OpenID's trust model is to be a massively scalable feedback model (if I read the evangelists' messages right) - much like in the eBay world. Here, we are evidently engaged in an early form of the very feedback practice that makes OpenID so different to other approaches that seem similar. Yes - the process can seem like 1990's era email flaming culture - but it's NOT. SUN has always had an openness policy and it's quite remarkable in corporate silicon valley culture for its policy of supporting personal email policies of its employees, the appropriateness of speaking out politically on even your personal issue set, differentiating between one's personal- and corporate-personality whilst using a sun email account, and trying really hard NOT to be an overbearing corporate entity paranoid about negative public commentary. It leads with its people, and they are always a credit to its corporate reputation.

And, yes! I'm reading micro signals - and expressing an opinion. And yes, that can be somewhat frustrating at times, as anyone can apparently sabotage your reputation - just like any merchant can easily sabotage your credit score with false reporting (largely with impunity, in the US). OpenID puts the entire burden of making and maintaining reputation on the individual, and every micro movement has positive and negative feedback ripples - much like the worlds of neural network algorithms and cryptanalysis. A good cryptographer harnesses those signals.

A week or two ago, we saw an interesting set of reactions to a journalist's article - posing the question of large portals: how appropriate should it be to act as an OP but not act as an RP? The posing of the right issue did its job: we saw the razor induce feedback, and counter feedback... and we got to read lots of micro-signals that were issued in response. Here were some I read, which I composed with statements -- made independently of that topic -- by SUN folks:-

- Those that encourage others to rely on them - in the UCI paradigm -- but cannot bring themselves to similarly rely on others showed a certain defensiveness at the very posing of the question AND lack of rationale for their position. SUN fell into this category (according to my personal reliance model). I even worked to update my personal reliance model on this issue by testing the SUN folks during the conference (which exists "to confer"..). The rationale for not being an RP was there expressed as (paraphrased): the experiment's scope by design excluded investigation of RP issues (which would have taken resources that were not available, in any case). From the very (classical) rhetorical form of that position statement I took away (yes! "I" took, ol' egotistical UCI #me) the micro-signal that folks have a formal, legalistic rationale for their actions, one signaling the material intent to make "the OP-only position" appear more palatable than it might otherwise appear. The micro-signal is embedded in the form of the expression, and act of taking care to craft _upfront_ a defensible public position. Whether any of this is right or wrong is not particularly relevant. Like my US credit report, it's just a bunch of pseudo-factual opinions with consequences that we all have to live with ...in the OpenID trust model.

- One OpenID Foundation board member, with infectious passion for his beliefs and a remarkable history in having helped the OpenID movement to virally get this far - publicly denied that OpenID is even suitable for logon. If I paraphrase, one would be nutty to even consider using openid protocol to logon to your Yahoo webmail account. The micro signal here is the lack of confidence (in today's design) of a founding architect. Its effect on me was electric tho: given my own core mission is to get realtors to do SSO logon to plaxo (via openid) so plaxo can deliver mission critical services to them. Perhaps I should abandon the whole effort since OpenID is "not even suitable"!! When I learned from SUN's own reporting on its corporate OpenID experiment that the scope had specifically focused on having SUN folks use such as Plaxo, an act labeled by category as "non corporate-grade", "of low import", "needing little care", and... "suitable for OpenID"...and being an example of where "OpenID would not be providing _SSO_ [... which other technologies can]" I naturally began to collate opinions on the topic.

- We saw Jim Bidzos retake the helm of VeriSign, account for letting go of most of the architect teams doing identity work, hire on Vint Cerf (one of the folks who had a particular vision in 1991 for how trust and public key should be rolled out, not that would (or could) listen), and paint a picture of how VeriSign would redefine itself leveraging its assets in trusted DNS, SSL certificates, telco/internet convergence, device addressing convergence... and apply the OpenID virus. Reading tea leaves here like no other can, various very positive micro-signals were emitted - to the benefit of OpenID. But, OpenID may look nothing like it does today, at the end of a Jim Bidzos (aka VeriSign) contribution.

Finally, Hubert. Do understand my personal limitations. This is the first time I'm working not as the technologist, but as the early adopting customer. It's REALLY hard being an early adopter! But, I will get better.




From: Hubert Le Van Gong
Sent: Fri 4/11/2008 4:13 PM
To: Peter Williams
Cc: general at openid.net
Subject: Re: [OpenID] Supporting OpenID


Peter,  


You're seeing ill intent where there's none.
This was a presentation of technical & non-technical observations (some good, other ones bad) we
made when we deployed (and analyzed) OpenID for Sun employees.
Surely you'll agree people (and Companies) can have opinions on the pros & cons of OpenID?


I'm sorry to hear Sun failed to impress you but as far as I know we're hardly the only ones being "only" an idp.


Cheers,
Hubert




On Apr 11, 2008, at 1:35 PM, Peter Williams wrote:

I should opine more.

I'm currently of the opinion that certain folks aligned with Liberty Alliance are engaged in a messaging campaign of dubious repute. I was VERY depressed at an RSA conference session by folks from Sun, for example. Couched in entirely valid technical analysis were a series of corporate non-endorsement messages (in my view). I'm wizened enough in silicon valley politics to know to contrast the frontroom from the backroom signals.

I was not impressed by Sun being just yet another idp (that also ran) vs an rp. Being an idp takes no effort.

-----Original Message-----
From: Peter Williams <pwilliams at rapattoni.com>
Sent: Friday, April 11, 2008 4:23 PM
To: Paul Madsen <paulmadsen at rogers.com>; Will Merydith <will.merydith at gmail.com>
Cc: general at openid.net <general at openid.net>
Subject: Re: [OpenID] Supporting OpenID

Why do you say this?



2) what you perceive as Google support for OpenID actually has nothing 
to do with Google


Google may have started as a search engine, but it presented itself (and its subsidiaries) as a managed service provider at the RSA show, like a hundred others vying for control over the cloud.
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general



--
Hubert A. Le Van Gong


Sun Microsystems, Inc.
Business Alliances - Chief Technologist's Office


4170 Network Circle
Mailstop USCA17-201
Santa Clara, CA 95054
USA


--------------------------------------------------
email: hubert.levangong at sun.COM
tel:+1 408 276-6499


N 37  23.641'
W 121  57.146'


http://blogs.sun.com/hubertsblog