[OpenID] Making Deployers Choose (was: Real Identity Verification)

[Nate Klingenstein]

Peter,

I fully agree today, but I want the statement "OpenID is different to  
Shibboleth" to be fundamentally wrong in the future.  I want the  
statement, "your deployment can use trusted, managed identity  
sources, or take all comers, with the software of your choice" to be  
true instead.  Deployers shouldn't be asked to select between  
protocols and non-interoperable software packages.  That's our  
collective failure as an identity community.  They should just pick  
the implementation, trust, UX, and privacy rules that support their  
needs the best, and it should work with the implementations others have.

Shibboleth has been battling non-interoperability with SAML vendors  
very hard, and we all finally made some progress.  Google's OAuth  
work and CardSpace are trying to bring everything together, and  
Shibboleth can support much of both already.  Adding trust to OpenID  
is another good step.

Convergence ain't just an 11-letter word.  It's our duty to our users  
and deployers.
Nate.

On 4 Nov 2008, at 12:36, Peter Williams wrote:

> OpenID is different to Shibboleth. OpenID brings the likes of Yahoo  
> and Google assertions to RPs (just like us). I don’t WANT to manage  
> the 6 million consumers who come to our website, anymore than I  
> want to manage their email boxes. Let ads (on other people’s sites)  
> pay for all that!
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081104/d498a1fb/attachment-0002.htm>