[OpenID] My Feedback for XRD Version 1.0

Peter Williams home_pw at msn.com
Sun Nov 8 16:43:13 UTC 2009


I don't like the change as it builds the subject (and thus subject to object
relations) into the format.

We know by design, that this is reserved for profiles - so there can be lots
of ways of doing it.

Could the spec say that? Perhaps.

But there is a more important element. Them and us. We and them. You guys vs
the collective rest.

At iiw, them and us was omnipresent: manifesting in social conduct.

Shib/oasis folks were repeatedly snarky about openid design style. (real
engineers don't eat porc, type of line).

Traditional liberty folks saw iiw as but a brainstorming forum where
use cases might be discovered and then taken back into other forms where the
professionals congregate in expert groups. (reminded me of the iso vs ietf
putdowns of the 1990 period, where conceited phone companies projected the
opinion that only they could build public data/packet networks and telematic
apps.)

govt folks and their personal services contractors were trying to split the
community into insiders and outsiders where access to govt secrets (like 1 + 1
= 0) is restricted to the indoctrinated folks who can be trusted to do the
right thing. (this reminded me of the very early cissp program, which was
about installing a trustworthy group of people into influence positions in
ISPs and ASPs - almost as covert protectors of the public good.)

the infocard hosted-in-cloud lot were dismissive of client cert selectors to
the point of making me want to find out what they are so afraid of. Perhaps,
with a modern era-jumping manoeuvre and twist, the foaf+ssl folks reinvent
it. (this reminded me of x509s own story, left for dead in ietf
pem/IPSec/gssapi in 1993, and resurrected by Netscape/verisign/entrust
"startups" in 1994.)
 
then there was the kantara trust framework folks imputing that anything less
than full NSA 1980s program for red/black separated, mac cultured, covert
channel obsessed, b3 formalized, comsec custodian operated regime. ... Can
not meet the public "true" needs. (this reminded me of pem community
debates, that legitimized low assurance, in a cold war era where those
properly indoctrinated had to "by all means necessary" induce the rest of
the world into the high assurance mantra, lest Nostradamus be proved right)

and then there is santosh, validly tapping into the sentiment that openid is
failing to be inclusive somehow, leading to the you-guys type rhetoric.

This week at the gartner i&a summit, ciso types get to ponder the same
topics from the market analytics point of view of all this. When has a
technology spent enough times being dumbed down over enough years from
university lab to commodity software so it reaches that breakout point, so
startup millionaires get rich, employees get fed, their kids get educated to
do better than their parents and in the next 20 years another half billion
Indian/Chinese folks will leave the land and come on stream as engineers and
scientists and writers with even Yet more opinions.

Peter the pleb.

(I'm pseudo-pissed that verisign was not presenting itself properly at iiw,
as a leader and bold executor of programs. It's done well I suppose to
continue to exist for 15 years in silicon valley culture, but
honestly!...where is the vision, where is the mindshare, ... Hopefully they
are not relying on some version of the them and us prattle.)   

Santosh Rajan wrote:
> 
> Let us start with the definition, and overall scope of the XRD 1.0 spec. I
> have many more comments on the spec, but I will restrict this post only to
> one aspect, because there is no point in bringing up the other issues unless
> we agree on what I have to say in this post.
> 
> Let me quote from the beginning of the spec.
> "This document defines XRD, a simple generic format for describing
> resources".
> 
> Now if you read the rest of the whole specification it is all about
> "describing resources". There is nothing else to the whole spec other than
> "describing resources". ie. XRD's are about "describing resources".
> 
> Now this is true, but not the "whole truth", and I am estimating only "half
> the truth".
> 
> Why is the other half of the truth not here? I don't know whether it is by
> accident or design. Now let us get to the whole truth.
> 
> What makes a Resource a "Resource"? Or what makes any "thing" or an "entity"
> a Resource?
> It is the "availability" of the Resource to something else (another entity).
> I will explain.
> 1) Bikeshed-color-blue is an entity. What should it do to become a
> "Resource"? It must make itself available to John Panzer. Right! this
> bikeshed becomes a Resource only when it is "available" to someone or
> something.
> 2) Bikeshed-color-red is my bikeshed. Can we put these two bikesheds
> (resources) into the same XRD? No we CANNOT. Because both these bikesheds
> have made themselves available to two different people with two different
> XRD's.
> 
> That means the current definition of the XRD does not give the whole story
> and we need a more truthful definition. Here is the new definition.
> 
> "This document defines XRD, a simple generic format for describing a set of
> resources that is available to a given entity".
> 
> Now we can take this concept of the "set of resources" that have made
> themselves available to a "given entity", a little further.
> 
> Now it is not very difficult to understand that this "given entity", is
> your "given identifier", or "Subject" or "rdf:about". (I am assuming people
> reading this are technically inclined).
> 
> So we can clearly see that, just like a Resource is meaningless without
> defining what it is available for, the whole "XRD 1.0 spec is
> meaningless, without defining or explaining what an XRD is about".
> 
> In other words the XRD spec needs to clearly specify "what an XRD is
> about?", "What is, the resources in the XRD, making itself available to?"
> 
> Now let me preempt the arguments these guys are going to put up against this
> post.
> 1) We don't understand what you are saying!
> 2) This is wrong.
> 3) This is beyond the Scope.
> 
> If you want to argue this, you better come up with something better than (1)
> (2) (3) above. Just in case you did not understand anything, please ask, I
> will explain. And don't ask anything irrelevant to this post. (Don't I know
> you guys by now?).
> -- 
> http://hi.im/santosh
> 
> -----
> 
> Santosh Rajan
> http://santrajan.blogspot.com 
> 
