[OpenID] [xri-comment] My Feedback for XRD Vrsion 1.0

John Panzer jpanzer at google.com
Fri Nov 13 21:42:58 UTC 2009 

On Fri, Nov 13, 2009 at 1:16 PM, Peter Williams <home_pw at msn.com> wrote:

> The web changed Internet email culture, with many of the older
> communication patterns being lost. Out went most of the humor (and trust).
> In came standardized messaging, much as is used when running a corporation.
>

Well, in my day we used bang-path addresses.  And we liked 'em!  (No, we
hated 'em.)


>
> Remember the old adage: when assigning malice or Incompetence as motive,
> it's almost always incompetence.
>
> I am indeed a bit frustrated, I suppose - as  evidently im as ignorant (and
> thus as practically incompetent)  as I was when I for one started looking at
> openid. It took me nearly 3 years to understand xri, xrds, name resolution,
> localid synonyms, yadis and openid...so I could comprehend what folks
> pitched as s's main differentiator over a saml infrastructure: uci and trust
> network management offloaded to ibrokers. By the time id fathomed all that
> and java and openxri libraries and could finally program and sign an xrd
> usable by my yadis consumer from my own trust network connected to the
> public name resolvers, uci is (sigh) no longer the central thrust of the
> movement. Now it's all been inverted, to be all about offloading domain
> endpoints to paas vendors and securing restful Apis with hmacs. (why not
> just add an ssl record layer protocol instead!!)
>

Not sure what paas is.  I personally believe UCI is important; I view
outsourcing as one valid option which individuals can choose.  And unless
you can talk to APIs using something other than HTTP Basic or proprietary
auth, UCI doesn't even have a chance to enter the picture.


>
> At the same time, it's all if the web gets universal (rsa) signed xrd to
> update and replace signed domain certs and cert chains.
>
> I'll be happy if ietf includes a normative signed xrd example in the host
> meta profile. Then it's all been worth it.
>

I'll be happy with valid, working examples too.  Especially ones someone
could copy and paste to do a parsing & validation check against a new
library.

It's not clear to me where the discussion for host-meta should be happening
to be honest.  At the moment I'm throwing everything at
http://groups.google.com/group/webfinger until people complain.


>
> On Nov 13, 2009, at 11:15 AM, Brian Kissel <bkissel at janrain.com> wrote:
>
>  +1, well said John.  We absolutely do want a diversity of opinion and
> constructive dialog, passionate even ;-) But also respectful and inclusive.
> As John says, if this becomes a flaming feast, we may discourage others who
> have unique perspectives from sharing their questions, thoughts, and
> suggestions which would do us all a disservice.
>
>
>
> Cheers,
>
>
> Brian
>
> *___________*
>
> * *
>
> *Brian Kissel <http://www.linkedin.com/pub/0/10/254>*
>
> *CEO, JanRain - **OpenID-enable your websites, customers, partners, and
> employees*
>
> 5331 SW Macadam Ave., Suite 375, Portland, OR 97239
>
> *Email*: bkissel at janrain.com     *Cell*: 503.866.4424     *Fax*:
> 503.296.5502
>
>
>
> *From:* openid-general-bounces at lists.openid.net [mailto:
> openid-general-bounces at lists.openid.net] *On Behalf Of *John Panzer
> *Sent:* Friday, November 13, 2009 10:44 AM
> *To:* Peter Williams
> *Cc:* <openid-general at lists.openid.net>openid-general at lists.openid.net
> *Subject:* Re: [OpenID] [xri-comment] My Feedback for XRD Vrsion 1.0
>
>
>
> On Thu, Nov 12, 2009 at 10:14 PM, SitG Admin <<sysadmin at shadowsinthegarden.com>
> sysadmin at shadowsinthegarden.com> wrote:
>
>  Maybe the OpenID board should consider enforcing some basic rules of
> civility and professionalism on this list.
>
>
>
> As much as I value civility, I disapprove of the authoritarian approach to
> moderation. -1; community-enforced rules are more in keeping with UCI
> principles, too.
>
>
>
> In the spirit of community enforced rules, I'd like to say that we should
> have, and I believe we do have, community norms against ad hominem attacks
> and slurs.  I am seeing more and more discussion that involves these insults
> lately.  My style is to be very thick skinned, try to provide a polite
> example, and allow for the possibility that the person means well but
> perhaps isn't writing in their first language, or doesn't know how to take
> the extra precautions needed in an text-only form of communication to avoid
> the appearance of rudeness.  This does not mean that I like the tone of the
> conversation.
>
>
>
> Unfortunately, not addressing the tone has a bad effect of keeping others
> observing the conversation from joining in; nobody wants to spend extra time
> on this or being attacked.  It's a chilling effect that we don't want to
> have.  I want to welcome all who wish to contribute to the conversation, and
> do not want them to fear being personally attacked by doing so.
>
>
>
> Peter, I have to say I'm not quite sure what you were saying above in your
> last response to Santosh.  Some parts of it seemed quite rude to me though
> and I understand why Eran would react the way he did.  Please take this as
> friendly feedback.
>
>
>
> I hope that we can take this as a warning, be more careful and considerate
> in communication, and keep it polite while still having a good and spirited
> technical discussion.
>
>
>
> -John
>
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4604 (20091113) __________
>
>
>
> The message was checked by ESET NOD32 Antivirus.
>
>
>
> http://www.eset.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20091113/14df8977/attachment-0001.htm>

More information about the general mailing list