[OpenID] Musing on FaceBook, OpenID and the next mountain to climb
tom
tom at barnraiser.org
Wed Jul 30 12:09:50 UTC 2008
Hi Nat,
Nat Sakimura wrote:
> I'd volunteer, but, for drafting the WG charter,
> I need more input from the people on this list on
> what should be in the scope.
>
> For me, I was thinking of the below for sometime:
>
> 1) Contralct Negotiation Protocol
> - Negotiates the terms of the use, and back channel data transfer
> protocol.
> 2) Reputation Service Protocol
> - Means to obtain the trustworthiness score of an assertion.
>
> In terms of Johannes's enumeration:
>
>
>> - single-sign-on across the web with a simple user experience
>>
> => OpenID Authentication 2.0 + some more security features.
>
>
>> - high-quality identity information available to RPs
>>
> => 1) + 2) above.
>
>
>> - social network information available to RPs
>>
> => 1) + 2) above.
>
>
>> - communication from RP into the social network of the user
>>
> => I am still vague on what it will be like.
> Could someone post a concrete example usecase, please?
>
We created a decentralised social network (linked OpenIDs) at the RP
then by using OAuth you counld distribute keys to services that can then
access your network. We had a decentralized activity log (like Facebook
notifications) at the RP where you were told about friends that had
posted blogs remotely [ the blogging service accessed the social
network, matched them against their users and sent xml based information
back to the RP on activity] - this meant that the OpenID owner had a
bunch of metadata to look at surrounding their network from services
whom had valid access keys.
Other use cases would be for instance matching my network in Amazon
(these friends have this book too) or matching my birthday to my wish
list and having the social networking tool tell your friends that it is
your birthday and you would like Y book. Here again, giving Amazon an
OAuth key which defines what access they get to my social network would
be my route to solving this.
My two sense worth - I'm for focusing on OAuth and leaving OpenID
authentication slim:)
tom
> =nat
>
>
>
> On Wed, 30 Jul 2008 13:05:48 +0900, Johannes Ernst
> <jernst+openid.net at netmesh.us> wrote:
>
>
>> Like others, I've been amazed about what Facebook has put together
>> with Facebook Connect as announced last week.
>>
>> Their proposition for relying parties seems to be:
>>
>> - single-sign-on across the web with a simple user experience
>> - high-quality identity information available to RPs
>> - social network information available to RPs
>> - communication from RP into the social network of the user
>>
>> and IMHO, that is indeed a great business proposition for RPs.
>>
>> Of course, they seem to be building this with Facebook-specific
>> protocols, but that's not surprising given that the OpenID technology
>> stack right now is insufficient to accomplish what they wanted to
>> accomplish. But not dramatically so -- it might just be plugging some
>> other technologies into OpenID (like XFN or FOAF etc.) and filling in
>> some gaps if one wanted to do that.
>>
>> So ... methinks we should grow the OpenID stack over the next 6-12
>> months to be able to do all of this (and more?) with open
>> technologies. This would also make OpenID much more interesting to
>> relying parties...
>>
>> Open protocols are clearly necessary to grow the entire market, which
>> would be in the interest of everybody including Facebook.
>>
>> Anybody up to getting an OpenID working group started up to work on
>> this?
>>
>> [Feel free to respond on the list or privately.]
>>
>>
>>
>> Johannes Ernst
>> NetMesh Inc.
>>
>>
>>
>
>
>
>
--
Tom Calthrop
Founding director, Barnraiser.
Dedicated to giving people the tools they need to share
knowledge and advance society through social software.
Web site: http://www.barnraiser.org/
OpenID: http://tom.calthrop.info/
More information about the general
mailing list