[OpenID] [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research

Peter Williams pwilliams at rapattoni.com
Mon Oct 20 02:49:51 UTC 2008


I have to admit to some (more) ignorance: I don't know what a UX issue is.

I'll grant that Shib has (probably) been using metadata to control its web SSO engine for a long time, but rather less than X.500's SSO! (circa 1992). In the Shib vision of the world, a long list of entities' metadata is compiled and signed as a file at a URL at well-known "natural" providers, rather similarly to the model used for the original internet host files, pre-DNS. The right to have one's entry posted to the file is based on the policies of the trust hub - akin to how (D)ARPA/NSF and DIA (for milnet) used to control the Internetworking host file.

What OpenID does seem to have done is use the web in the same role that DNS provided to the host file problem - liberate membership from centralized policy management. What Ping Identity seem to have done in their dynamic federation handling is rely on https properties and its certs/PKI similarly, when addressing SAML2 metadata - arguably improving on what OpenID2 does with unsigned XRDS streams and unauthenticated YADIS.


From: Nate Klingenstein [mailto:ndk at internet2.edu]
Sent: Sunday, October 19, 2008 1:45 PM
To: Peter Williams
Cc: Shane B Weeden; general-bounces at openid.net; OpenID List
Subject: Re: [OpenID] [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research

Peter,

Just to be clear, we've been using metadata-driven protocol flows in deployment since at least 2002.  I think the real progress and convergence here is giving users the ability to define their own trust relationships with services rather than requiring the IdP/OP and its administrators to do that.  It's a key development which makes federated identity's UX issues much more difficult and urgent.

e.g. https://mail.internet2.edu/wws/arc/shibboleth-users/2003-06/msg00026.html

Thanks,
Nate.

On 19 Oct 2008, at 20:27, Peter Williams wrote:


But this is really irrelevant. Convergence is now happening nicely, focused on what it is that OpenID added to the pot (metadata-driven protocol flows).

