[OpenID] For the nominees
Brett McDowell
brett at projectliberty.org
Thu Dec 4 18:03:09 UTC 2008
Peter, you seem to be conflating Liberty Alliance (an organization
with a broad mandate, including user-centric identity) with SAML 2.0
(a federation protocol that -- in large part, but not entirely -- came
out of work Liberty Alliance did). I also think you're giving SAML a
black eye it doesn't deserve, but I'll let my technical betters defend
the user-empowerment of SAML.
On Dec 4, 2008, at 12:56 PM, Peter Williams wrote:
> Assurance in the “system”? Or assurance about an individual operator?
>
> Liberty has active programs for facilitating governance of IDPs, and
> IDPs control over Users and RPs. OpenID encourages a contrasting
> world of UCI, which has no governance model and no assumption that
> governance is particularly relevant.
>
> I do hope OpenID Japan is not acting as an (undeclared) proxy for
> Liberty initiatives. There is little or no conception of UCI in the
> Liberty view of the world. Liberty is a full power TTP control
> model, where the IDP “controls” users as subscribers and
> (indirectly) governs their conduct on RP systems. In OpenID, if
> one OP removes your access to your assertions or attributes signaled
> to a given RP, you can ALWAYS dump them and SIMPLY use another on
> the same RP, ___with no impact to the User__. This is (obviously)
> not the case with the TTP model, where the IDP _controls_ the level
> of impact on one or more RPs.
>
>
> From: general-bounces at openid.net [mailto:general-bounces at openid.net]
> On Behalf Of Nat Sakimura
> Sent: Thursday, December 04, 2008 7:32 AM
> To: Eddy Nigg (StartCom Ltd.)
> Cc: general at openid.net
> Subject: Re: [OpenID] For the nominees
>
> Hi Eddy,
>
> Here are my answers inline:
> On Thu, Dec 4, 2008 at 10:14 PM, Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org> wrote:
> There are a few questions I'd like to ask the current nominees in
> order to get a better picture about which ideas a nominee
> represents. Of course the questions are specifically what I feel
> important:
> Adoption of OpenID by relying parties isn't on-par with the amount
> of providers available. How would you improve that ratio?
> In Japan, we are doing the following:
>
> - Individual visit to potential RPs to persuade them of the value of
> being an RP.
> - Technical seminars to get them up to speed.
> - Create an Assurance Framework (this is in progress) to let them
> have better "trust" in the system.
>
> I personally think we should replicate it on a global scale.
> What is it that should be done in order to have big providers like
> Google, Yahoo!, Microsoft rely on other operators?
> Assurance framework is a key. Right now, we have no good way of
> assessing the assurance level of the assertions. Once it is solved,
> it will become much easier for them to start accepting the
> assertions created by a third party.
>
> Also, we have to show the relevant parties the market and profit
> potential.
> Do you think that a trust relationship framework should be created,
> similar to PKI auditing (or any other/similar idea) in order to
> allow relying parties easily trust on other operators? Or what would
> you suggest instead?
> Obviously, an assurance framework coupled with auditing is a key
> factor. I think we should look at Liberty Alliance's Identity
> Assurance Framework (IAF). IAF is protocol independent so we can
> profile it to OpenID. Also, Assurance does not come in the form of
> Technology alone. Legal systems have impact on it. In Japan, we are
> working closely with the Japanese government to sort out the issues.
> I think this needs to be replicated to anywhere in the world. That
> is why we need to have a good representation from the different
> jurisdictions for the board.
>
> Having said that, the assurance framework alone does not solve the
> problem. We should use reputation services in conjunction with it.
> That is why I have created ORMS TC at OASIS.
>
> Do you think that instead of hiring an executive director, the load
> of the different tasks could be shifted to a small group of
> different persons instead (foundation management)? Would you view
> such a scenario possible and perhaps more efficient? (Considering
> the amount to be paid for an ED, I suspect that many highly
> motivated and capable individuals from within the community or from
> outside could do a better job than one individual and receive fair
> compensation for their work.)
> This is exactly what we are doing in OpenID Foundation Japan.
> Instead of hiring an ED, we have distributed tasks to (business-
> wise) motivated group of people for each topic. Providing them the
> benefit of doing it seems to deliver a better ROI at least in Japan.
> I am not entirely sure about the situation in the U.S. and other
> countries, but considering that OIDF is resource constrained, it
> certainly is a path that should be considered.
>
>
> --
> Regards
>
> Signer:
> Eddy Nigg, StartCom Ltd.
> Jabber:
> startcom at startcom.org
> Blog:
> Join the Revolution!
> Phone:
> +1.213.341.0390
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/