[OpenID] HTML-Based Discovery incompatibilities
Peter Williams
pwilliams at rapattoni.com
Thu Jan 8 19:49:01 UTC 2009
There are 4 sliders with identity & authentication, called 1) control, 2) security, 3) convenience and 4) ease of config/use by mom & pop.
Pull any one slider to the +ve side, one of the others goes to the -ve. The brave new world of identity2.0 will not and cannot change that. Security => Politics => Technology.
Try to look at the praxis of https and see WHY it actually supports so many different communities with common libraries and platforms. Each community gets to tune the 4 parameters the way they want (if they care enough to bother doing so), and any given deployment DOESN'T step on anyone else's toes. It wholly avoids the tuning arguments: openid should be simple, openid should be a ui fascist, openid should be op-centric, openid should be rp-centric, openid should be vanity-powered, openid should be limited to registered certs/domain-name. One lets the world of openid usage decide all those parameters, 5 different ways.
OpenID ALMOST has it right. The only 2 structural issues I see are 1) inability to teach RPs which https roots to apply (breaking the stranglehold of the PKI powercenter) 2) inability to dynamically learn AX metadata.
We may be learning there may be one more major structural element missing: how to "express" how the OP <-> RP <-> SP relationship works, if the mission is UCI.
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Evert | Rooftop
> Sent: Thursday, January 08, 2009 10:47 AM
> Cc: general at openid.net List
> Subject: Re: [OpenID] HTML-Based Discovery incompatibilities
>
> On 8-Jan-09, at 1:35 PM, Chris Messina wrote:
>
> > I will fight tooth and nail to keep basic <link>-based OpenID
> > discovery in the spec. I had a hard enough time delegating my own
> > OpenID yesterday. You'd think that I'm not your average user and
> > could figure this out -- and if *I* had a hard time with it, I can't
> > imagine how normal folks who give a crap about our beautiful fucking
> > snowflake technologies will figure it out.
> >
>
> As an open-id user, I have to concur. KISS!
>
> Back in the 1.0 days I was able to implement a consumer and provider
> fairly easily. Now the number of abbreviations, standards and concepts
> is downright scary.
>
> I'm not sure if this will be of any help to you guys, being a mere
> implementer, but this is a sentiment I've heard from other developers.
> I love the idea behind OpenID, but reading this list for
> 2 years makes me think it's heading the same direction as WS-*. Please
> keep things simple!
>
> Evert