[OpenID] OIDF "OpenID Compliant" Program -- WAS: Perceptions of OpenID

David Eyes eyes at awakenings.com
Tue Jan 6 00:47:33 UTC 2009 

This type of affiliate branding program is IMO the foundation for healthy
ecosystem.

dme

David Eyes


On Mon, Jan 5, 2009 at 3:20 PM, David Fuelling <sappenin at gmail.com> wrote:

> One of the major concerns raised in Chris' blog centered around
> Interoperability -- (Summarizing): "*OpenID's don't work on all sites in
> the same way (if at all), and the Foundation isn't strong enough to make
> this happen, since OpenID is such a distributed idea, so users aren't likely
> to embrace OpenID*..."
>
> However, it seems like the OIDF could solve this problem by introducing an
> "OpenID Compliant" program, with a linkable Image that implementor's can
> advertise, and that end-users can click on, taking them to openid.net,
> with information about the particular implementer's "compliance" measurement
> -- e.g., "This RP/OP passed various automated openid.net tests with this
> particular score".
>
> Such a mechanism would be a useful debugging tool for openid implementors
> (OP's, RP's, and Libraries), and could be nice tool for end-users to both
> a.) figure out which OP supports openid the best, and 2.) See that a
> particular RP's openid implementation is broken, not the openid protocol
> itself.
>
> The incentive would be for OP's and RP's to want to advertise the "seal",
> and thus to offer "working" versions of OpenId.
>
> Automatic Verification Process for RP
>
>    1. RP developer creates an account on openid.net, and clicks the
>    "verify my RP" link.
>    2. Various info is collected from the developer, perhaps payment, and
>    an RP URL that adheres to a certain set of "testing parameters" (i.e., a
>    single login form with a standardized button name, etc, for testing purposes
>    -- this would not be the actual login form, but would use the same
>    libraries, and would allow for automated testing).  Alternatively, the
>    end-user could supply these button names to openid.net (enabling steps
>    3 and 4 below)
>    3. Openid.net-based software would simulate various OpenID logins, with
>    the OP being served from the same domain as the claimed identifiers (i.e.,
>    openid.net).  This way, no real-world user interaction would be
>    required to test the OpenID flow since user-agent an OP would be the same
>    (for testing purposes).
>    4. Various extensions could be tested for support -- such as Sreg, AX,
>    etc.  Again, there would need to be a standard way for an HTTPClient
>    (simulating a web-browser) to easily gather this data from the RP web-page
>    for verification -- again, part of the verification process.
>
> Automated Verification/Testing for OP's would be similar, except the
> software running at openid.net would merely simulate an RP talking to the
> implementor's OP (and could also test for sreg, AX, etc).
>
> Such a verification process could require a series of standardized UX pages
> that would only be used for these tests (not used by actual
> customers/websites).  Alternatively, more sophisticated software could allow
> the implementor to specify the name of key pieces required for the test
> (e.g., by button's name is "submitButton", etc).
>
> OpenId could even exercise these automated "test" pages periodically, to
> make sure that an RP/OP maintains protocol compatibility.
>
> Of course, this idea would require some custom software funded by the
> Foundation, but such a program would have a lot of benefits, especially from
> a marketing perspective (with a side-benefit of helping libraries and
> implementations become "compliant" and "interopable").
>
> David
>
>
> On Sun, Jan 4, 2009 at 11:15 PM, Chris Messina <chris.messina at gmail.com>wrote:
>
>> I've just blogged about perceptions I've seen recently of OpenID in the
>> wild.
>> http://tr.im/fj_perception
>>
>> I think these are serious issues that we must think about and consider,
>> since many popular bloggers are only carrying negative stories about OpenID
>> (with good reason) lately. I think it's imperative that the marketing
>> committee ramp up its efforts to provide public domain case studies, stories
>> and regular news that can help highlight and promote the successes that
>> people are having with OpenID so that we can counter these negative
>> impressions and provide a more positive, balanced perspective on where we're
>> at with OpenID.
>>
>> Chris
>>
>> --
>> Chris Messina
>> Citizen-Participant &
>>  Open Web Advocate-at-Large
>>
>> factoryjoe.com # diso-project.org
>> citizenagency.com # vidoop.com
>> This email is:   [X] bloggable    [ ] ask first   [ ] private
>>
>> _______________________________________________
>> board mailing list
>> board at openid.net
>> http://openid.net/mailman/listinfo/board
>>
>>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090105/2862ddea/attachment-0002.htm>

More information about the general mailing list