[OpenID] Community Opinion on OID 2.1 Discovery and Identifiers...
Peter Williams
pwilliams at rapattoni.com
Fri Jun 5 20:28:46 UTC 2009
Until recently, openid was a marketing term, a bunch of bogus claims about 26,000 sites having adopted it (playing on words, to help spin a half truth), and a bunch of half finished security technologies (xri). (No comment on the design of the handshake.) Looking for a mission, it was the data mesh, the solution of comment spam, the liberator of contacts, and the base for a value chain in various reputation schemes. What contributions u left dispersed around the web, as u wandered from site to site, u could still reintegrate to consolidate your authorship and web of interaction. It was all so social. Any security engineer with a good reputation stayed away, particularly since the security professionals all associated with competitor protocols.
But when you look at the complex technology integrations that the googles and facebooks have recently done (integrating various api access into a delegation model), building on the solid work yahoo did in the core protocol to enforce audience restrictions, it's set to give solutions like microsoft geneva servers sts and claim oriented model a run for its money.
But therein also lies an achilles heel. Just as microsoft geneva server retains ws* centric ws-federation in control of the last mile integration with web sites and web services (adopting saml only in the gateway model, as just "yet another" mechanism to mint tokens) so it can easily do the same with openid. At that point, who cares about openid - unless it's *really* involved in doing all the things mentioned in the first para.
The ability to be social has to be so important to rps that they want native openid.
-----Original Message-----
From: John Bradley <john.bradley at wingaa.com>
Sent: Friday, June 05, 2009 12:29 PM
To: general at openid.net <general at openid.net>
Subject: [OpenID] Community Opinion on OID 2.1 Discovery and Identifiers...
David,
I
This again raises the question of what is openID. Is it an authentication protocol, a discovery methodology, an Identity abstraction layer for applications, or a marketing term?
I think we need to understand the answers to the latter questions before deciding what should be in the core spec.
John B.