[OpenID] Combining Google & Yahoo user experience research

Peter Williams pwilliams at rapattoni.com
Mon Oct 20 18:02:17 UTC 2008


The direct analogy here is the (US-initiated) number portability issue. Only a few years ago, TTPs known as phone companies had an 80-year-old leverage over you when considering whether to swap to a better cell/mobile carrier: you lost your phone number upon switching vendor. Recovery from that loss - in your phone-based social network - was a real hassle.

UCI/OpenID is FOR number portability where traditional SAML is not. (Metaphor, note.) Loss of an IdP account is an indirect control signal to RPs in the SAML world: it's an irrelevancy in the UCI world, which denies OPs any "controlling" role.

Of course the phone companies can still ultimately get together and deny you any binding to the public space as you float your consistent number between carriers, if all you are doing is spewing unrepentant hate etc. Such has to be true for the mainstream consumers/SPs.

SAML's ability to create "formal affiliations of SPs/spokes" is probably the 'middle ground' between absolute UCI and total TTP (aka crypto anarchy vs big brother). Not a trust model, OpenID might learn to value what an SP affiliation does, and build on it in OpenID Auth proper, just as it's starting to do in OpenID AX update.

-----Original Message-----
From: Paul Madsen <paulmadsen at rogers.com>
Sent: Monday, October 20, 2008 10:36 AM
To: Peter Williams <pwilliams at rapattoni.com>
Cc: general at openid.net <general at openid.net>
Subject: Re: [OpenID] Combining Google & Yahoo user experience research


Peter, how would OpenID keep the user-centric principle (which I believe
for you means allowing the user's choice for an OP trump that of RPs?)
in 'some or other form'?

It seems a binary issue, i.e. an RP either has a whitelist (implying
that the user must pick OPs from within if they want to authenticate
that route) or doesn't (implying that the user is not constrained in their
OP choice).

Is there some meaningful middle ground?

For the RP to base its decision on something more dynamic like OP
reputation is more flexible, but it still means eventually the RP will
have to say 'no' to some User when they present their OP.

paul

Peter Williams wrote:
> This is what the OpenID vs SAML issue is really all about. If OpenID loses its UCI roots, there is really no reason for OpenID to exist in my view. If it keeps UCI at least in some or other strong form, it's made a big difference.
>
> SAML is about banks and TTP culture.
> OpenID is about people (versus people as mere "users" of such as TTP banks).
>
> Of course, both sets of bits and bytes can easily actually address the other's communities. But that's not the point.
>
> -----Original Message-----
> From: Martin Atkins <mart at degeneration.co.uk>
> Sent: Sunday, October 19, 2008 11:45 PM
>
> To be honest, I don't
> care what my bank trusts. I care what I trust.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

--
Paul Madsen             e:paulmadsen @ ntt-at.com
NTT                     p:613-482-0432
                        m:613-282-8647
                        aim:PaulMdsn5
                        web:connectid.blogspot.com
