[OpenID] CX proposal status

Peter Williams pwilliams at rapattoni.com
Thu Jan 15 23:31:35 UTC 2009 

I suspect this class of issue is quite important to the specs council members. But...I'm not speaking authoritatively! The power in such decision making is always function of who pays the bills!

Of course, there is not a single thing that openid does that other protocols don't already accomplish  (typically using xml ,dsig and https). But, like any standards-based product, what matters is not the pure function but the unique design concept that builds an online community operating a "certain way". UCI-openid and Shib-SAML could not be more different in operational concepts, despite having the same functional output.

I suspect spec council people will want the trust networking topic addressed according to "the openid philosophy". It has to smell like web2.0 in its culture, not like the kind of material that OASIS (or IEEE) would typically generate. It also has to avoid smelling like a W3C standard, which tends to be too far out (like the half billion FOAF files that exist... but no one uses). Though unstated, any design  may have to avoid "that" which induced openid in the first place (being merely the nth websso protocol to come out of the gate in recent years).

The way the high-level criteria are structured suggests that it's a defensive posture and fundamentally a political process - which will require canvassing the council members rather than rationalizing the content. Its rule system design pretty obviously allows the "founders" to hold further developments true to the founding spirit as they see it - and they get to do that outside of membership control, with no formal accountability ; needing only to claim they are upholding the "vision".

From: Nat Sakimura [mailto:sakimura at gmail.com]
Sent: Thursday, January 15, 2009 3:03 PM
To: Peter Williams
Cc: David Recordon; general at openid.net
Subject: Re: [OpenID] CX proposal status

Well, to be clear, I am not proposing to rubber stamp on JAL implementation.

That's fairly different than what we would come up.

For example, JAL implementation actually uses XML contract format with XML Sig.
I actually prefer that, but I was guessing that this community would want something not XML nor XML Sig. Of course, if the community wants XML+XMLSig, I am more than happy.

It is just the use case from JAL implementation that I am bringing in.

=nat
On Fri, Jan 16, 2009 at 2:29 AM, Peter Williams <pwilliams at rapattoni.com<mailto:pwilliams at rapattoni.com>> wrote:

I'm guessing culturally, that there are a number of things that need to get dropped.



The notion of "use-case driven" WG needs to go. I doubt we want to introduce a distinction between those outputs that are engineered using use-case methods vs those that are not. Use of one or other method is incidental, and neither supports or limits the technical work. The WG members should pick one or more once engaged. There is nothing in a "charter" that has to decide this issue upfront. (otherwise, it smacks of religion, that introduces politics,  that induces worry.. that causes delay...).



The notion of that the particular topic (higher assurance protocols for trust network) demands certain (Security) engineering techniques (e.g. crypto and signatures) should also go. The WG might want to decide to adopt an existing apparatus, tune commodity infrastructure (e.g. PKI), posit 2 levels of OPs (just like in IS-IS or OSPF enterprise backbones),...



One should be clear that no additional "profiling" will be required for interworking. I'm not sure this culture want to adopt the market fragmentation attitudes present in the SAML adoption space for example. We have to  remember this is the web, focused on consumers (not B2B). B2B is secondary, and must be an "overlay" on  the consumer  infrastructure- much like military folks overlay additional trust on _Commodity_ SSL when needed.



It's an important step for Openid to frontally address trust networking (as Nate has headed for a year now). But, the charter needs to generic and open minded, not a rubber stamp of whatever works at JAL today. At the same time, it needs a practical orientation, so the debate doesn't just become a tech vendor-fest - each wanting their own stuff to get adopted to help their mindshare marketing.



From: Nat Sakimura [mailto:sakimura at gmail.com<mailto:sakimura at gmail.com>]
Sent: Thursday, January 15, 2009 8:53 AM
To: David Recordon
Cc: general at openid.net<mailto:general at openid.net>; Peter Williams
Subject: Re: [OpenID] CX proposal status



Right. And the response to them were:



On Thu, Jan 15, 2009 at 4:36 AM, David Recordon <david at sixapart.com<mailto:david at sixapart.com>> wrote:

I think that's a fair assessment, though missing the piece that the proposal hasn't been making it clear enough that CX must build on top of existing OpenID specifications



the revised proposal (a version before the current one on the wiki) clearly stated it



and that the working group should not be allowed to produce an indeterminate number of specifications.



the word "series of" was used to make room for the possibility of modularization instead of a monolithic one, and it is the scope that limits the work of the WG and not the number of specs. In the early stage of use case driven WG, it is often difficult to determine how it is going to be modularized at the outset. Having said that, I have removed the words "series of" as well.



=nat






I'm looking forward to the call.

--David


----- "Nat Sakimura" <sakimura at gmail.com<mailto:sakimura at gmail.com>> wrote:
> Some members of spec council suggested rejection on the basis of (1) the scope being too wide (2) not getting enough support from the community, i.e., probalby on 4.2(c). Some proposers replied back to those points in specs-council ML that (1) being usecase driven, it may look that scope is wide but it really is not, (2) it has support from EU, Japan, and US members and suggested a call to close on this. The call is being planned right now.
>
> Would that be a fair summary?
>
> =nat
>
>

> On Mon, Jan 12, 2009 at 8:24 AM, Peter Williams <pwilliams at rapattoni.com<mailto:pwilliams at rapattoni.com>> wrote:
>

>

Can anyone summarize for folks here (in ~100 words) the status of the specs council discussion on the CX proposal?





>

>

>

>



> _______________________________________________
> general mailing list
> general at openid.net<mailto:general at openid.net>
> http://openid.net/mailman/listinfo/general
>
>

>

> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
>

> _______________________________________________ general mailing list general at openid.net<mailto:general at openid.net> http://openid.net/mailman/listinfo/general



--
Nat Sakimura (=nat)
http://www.sakimura.org/en/



--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090115/a3bed70c/attachment-0002.htm>

More information about the general mailing list