[OpenID] Thinking About OpenID.com

Peter Williams pwilliams at rapattoni.com
Wed Mar 19 14:53:10 UTC 2008 

"Its fine that the OP helps you store you 6 delegated IDs in the XRD, once the RP is pointing to the right file. We just cannot have the user type "rapmls.com" into each of 6 services providers at 9am, and again at 11am, 3pm, and 9pm."
------

Longer background

On URLs: There is little difference between typing pwilliams at rapattoni.com and pwilliams.rapattoni.com. Folks can get used to that. They will not get used to the dose of URL religion that come with OpenID movement. Nobody cares, or should care. (UCI is a hard sell. Busy people dont have time to bother with hard sells.)

On URL#2: In a portal experience, particular one that is a pre-cursor to semweb-based portal designs, we cannot have a user typing "I am not a number/ but I am a URL" 6 times, because the inverted data model induces the operating practice that that there will always now be 6 data/tab providers. Dont think about your probable personal or corporate lives here. In my ultimate-consumer industry with a million, consumer-grade users, half the users access kiosk PCs, changing PC 4+ times a day from a pool of 20 open access (no desktop logon., i.e. no overhead) machines.  Cookies are not viable;  host-based Security policy is not viable; nothing "enterprise" is viable (as it costs more than a tenth of a cafe latte per day to deliver in an industry that will not pay more than 30c a day per user for ALL its IT, enterprise-grade apps). In summary, Sp-initiated websso (type in your discovery info) is not viable UNLESS PARTIALLY AUTOMATED, when their portal hubs mashup different info sources (lockbox access, county parcels records, treasurer taxdata, video/photo services, client scheduling, ad service subscriptions, Google Apps gmail, Google IM, Google Calendar, Google Sites....)

To address my particular problem, all I need is community endorsement of an "RP convention"  (that undermines UCI, somewhat). The portal site (or favorites mgt site) doing the handoff to the RP shall be OPTIONALLY able to signal the user's cached-URL (one per mashup site) in a STANDARD CONVENTION, to be populated in the RP interactive interactive login form.

That is, my favorites mgr stores: http://www.plaxo.com/openid?openid=http://peter.rapattoni.com/

That is, my favorites mgt stores: http://www.plaxo.com/openid?openid=http://rapmls.com/, for directed ID.

The convention needed ...is the opportunity to put the openid= querystring on the end, of course

Its fine that the OP helps you store you 6 delegated IDs in the XRD, once the RP is pointing to the right file. We just cannot have the user type "rapmls.com" into each of 6 services providers at 9am, and again at 11am, 3pm, and 9pm.


On RPs: If Yahoo and AOL are not RPs in some or other capacity, they are PART OF THE PROBLEM. Google Apps is a SAML2 RP service, today, and a Blogger RP for openid (according to David R). Shame on Yahoo/AOL, if they are not accepting openids, in some or other application.





From: Andy Powell
Sent: Wed 3/19/2008 4:04 AM
To: david at sixapart.com; openid-general List
Subject: Re: [OpenID] Thinking About OpenID.com


The openid.com domain is an annoyance but not critical IMHO.  The
content at openid.net is ok IMHO.

>From my perspective there are three barriers to adoption right now:

1) ordinary people just don't get the idea that their online identity
(their username) should be represented as a URL

2) ordinary people find the user experience of OpenID tends to be too
clunky at the moment ("I want to log into X but I'm being asked to give
my credentials to Y" kind of issue)

3) some techies (i.e. non-ordinary people :-) ) have perceived security
issues (particularly around phishing) leading to insufficient trust in
OpenID as an identity infrastructure

Note that by "from my perspective" I mean "this is what I'm sensing from
the community I deal with (UK education)".  I have no hard evidence to
back these statements up unfortunately.

There is a fourth barrier as well:

4) not enough major RPs

which is probably the most significant, but that kinda falls out of the
other three I suspect?

Andy
--
Head of Development, Eduserv Foundation
http://www.eduserv.org.uk/foundation/
http://efoundations.typepad.com/
andy.powell at eduserv.org.uk
+44 (0)1225 474319 

> -----Original Message-----
> From: general-bounces at openid.net 
> [mailto:general-bounces at openid.net] On Behalf Of David Recordon
> Sent: 19 March 2008 00:32
> To: openid-general List
> Subject: [OpenID] Thinking About OpenID.com
> 
> Earlier today I came across a blog post 
> (http://www.jason-preston.com/index.php/2008/03/18/why-openid-
> will-never-work/
> ) talking about some of the adoption hurdles around OpenID 
> for normal people.  The largest concern still seems to come 
> from how OpenID.net presents (or doesn't) itself in terms of 
> being dead simple to actually get an OpenID.  While I don't 
> agree with every point that Jason makes, I certainly 
> understand what he is saying especially with how he ended his 
> response to my comment:
> 
>  > I think it's just that the concept of OpenID is supposed 
> to be "braindead simple login for disparate web services,"
>  > and when you go to the page, what you see is "confusing 
> multiple login accounts, none of which you can do  > anything 
> with from this page."
> 
> Thus the thought in my head is one that has come up in the 
> past, though never anything we've done something about.  What 
> if we actually purchase OpenID.com (like Jason suggested) and 
> use it to be a dead- simple normal person destination site?  
> OpenID.net can remain more targeted for developers and we can 
> stop fighting the battle of trying to make one site useful 
> for everyone.
> 
> Does this make sense to others?  Would people see this as a 
> useful way to spend OpenID Foundation resources?
> 
> Thanks,
> --David
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> 
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080319/9659f19b/attachment-0001.htm>

More information about the general mailing list