[OpenID] Fwd: [dotnetopenid] DotNetOpenAuth announces support of the Government profile of OpenID

John Kemp john at jkemp.net
Thu Sep 10 15:06:01 UTC 2009 

Hi Peter,

On Sep 10, 2009, at 9:40 AM, Peter Williams wrote:

[...]

>
> This is the wrong thread to say this: but the profile is not  
> surviving the early shakedown test. I see its goals, tradeoffs and  
> compromises. They are articulated well enough and with enough  
> personality and passion for even me to suspend my normal assumption  
> of deception and double dealing at *anything* USG does in the  
> security/private arena. But, my gut is telling me that this profile  
> of openid really is sacrificing the soul of the entire movement to  
> win adoption. But, I;m also convinced from watching 3 years worth of  
> subtexts that this was always the end goal of the leadership:  
> dethrone SAML, usurp the crown, and do the same thing essentially  
> with lighterweight technology sold with UCI-themed badge on the  
> front -- to placate the plebs.

I think this is pretty unfair, to the "leadership" and everyone else  
who has worked on OpenID.

I was involved with SAML from almost the very beginning (and before  
that, other similar security-oriented protocols), and have followed  
OpenID with just a little cynicism as I have watched the specification  
grow and duplicate some of the work we did in SAML. But a very major  
achievement of OpenID, which we did not ever -- or yet, anyway ;) --  
get close to with SAML, is to get "ordinary people" (not techies, or  
those working in specific "enterprisey" domains) interested in the  
notion of SSO and online identity.

It is also (I think) quite excellent that the US government is taking  
enough interest in the "grassroots" movement that has surrounded  
OpenID to actually do something to include it in these profiles.

Of course there are corporate interests involved. And of course, the  
government will ask for the features it wants. But this latter, at  
least, is open to public scrutiny, and the former existed long before  
the government chose to profile OpenID.

I recognize that there will be attempts to co-opt the grassroots  
nature of OpenID, just as there always have been. And that there must  
be compromises in order to gain adoption. Nothing new there.

As a soon-to-be citizen of the USA myself, I'm very happy to see the  
US government do this, and I congratulate the OpenID "leadership" on  
the efforts that made it possible.

Regards,

- johnk

More information about the general mailing list