[OpenID] For the nominees

Eric Sachs esachs at google.com
Fri Dec 5 00:18:54 UTC 2008


> If OpenID is just a lightweight SAML, all I need to do is stick a
> protocol gateway on the front of the SAML endpoints we already have,
> and be done with it.

For the use case I described of mainstream websites, I would agree that for
years, they have been asking for the same type of MINIMUM functionality for
federated login, and most of the technical requirements of that would be met
by SAML.  However, that still leaves a lot of unsolved
usability/discoverability/outsourcing problems whose solutions end up being
pretty close to the ones the OpenID community has been passionately pursuing
for the claims based concept.  But I say MINIMUM functionality because the
companies who run those large sites certainly see opportunity in other
functionality the identity industry is pursuing, whether it be claims,
social integration, personal web services, etc.  In fact, federated login by
itself does little other than increase their user registration success rate.
What is less clear is whether/how those other pieces of functionality have
to be tied into the login process.  There are already plenty of sites who
don't do federated login, but use aspects of claims based identity (such as
Blog/Profile URL validation), personal web services (OAuth), etc., social
integration (OpenSocial).

On Thu, Dec 4, 2008 at 3:41 PM, Peter Williams <pwilliams at rapattoni.com> wrote:

> A mainstream website might trust any IDP who is hosted by a known SaaS
> vendor.  However for the longer-tail we may see a need for companies who
> build a business out of validating the UI/reliability of IDPs and selling
> those lists to other websites.
>
> This seems very SAML-notion centric, based on architectural forms ~5 years
> old.
>
> Isn't the ___user___ supposed to be in charge, in OpenID?
>
> Isn't that the CRUX of what openid is all about and what makes it
> different to SAML (other than needing SSL/PKI and using name/value pairs and
> XRDS markup …instead of the SAML markup and xmldsig?)
>
> OpenID is not an idp-centric federation concept. OpenID is not an
> sp-centric federation concept. It CLAIMS/CLAIMED to be a user-centric
> (federation) concept – a model seeking to differentiate itself from the
> well-known hangups of the previous 2 concepts.
>
> I have to admit, from the trends I see, and in the hands of the "big
> players": OpenID is turning into a simple lightweight version of SAML2,
> featuring the idp-centric model. If one uses the unsolicited assertion
> model, it does do a damn good impression of SAML1, too.
>
> I have to admit I don't think we, in reality, could really care less. But,
> what was always interesting/revolutionary about openid was the model, not
> the swap of bits. If OpenID is just a lightweight SAML, all I need to do is
> stick a protocol gateway on the front of the SAML endpoints we already have,
> and be done with it.
>