[OpenID] Fwd: [dotnetopenid] DotNetOpenAuth announces support of the Government profile of OpenID

Peter Williams pwilliams at rapattoni.com
Thu Sep 10 15:43:56 UTC 2009 

>From that, I will guess that you and I are on a very similar page: there is a hard-won, slightly-miraculous opening that has not existed before. And, one must be positive to exploit it (and not focus on crappy pre-history which can spoil the mood and the moment of opportunity).

But, you cannot plead populism (uci) and deliver corporatism.

Or, if you do, you have to fess up to your change in heart. You have to make the case openly : that the mission has changed.

I too could not be happier to see GSA come out from the under the shadow of DoD; finally they are empowered enough to mount a civilian-led infrastructure.  And, I could not be happier to see openid being all about privacy, rather than security. If DoD/NSA have maturity as agencies, they will recognize that they bootstrapped it all; and they will now let it flower and spread however it will.

But, on the scale we are dealing with here, it's all about trust; particularly in the international space.

The only reason I've let go on the secret meetings and the exclusionary processes is... because they clearly and obviously leaked technical details; and they leaked because folks were uncomfortable about those dynamics. Thus I gave folks a pass, recognizing that sometimes a private place is better to find a techno/political consensus than the public forum.

The real test is now, however. If I can trust John and co to have got us to 95%, the public commenting period has to apply the final, figurative 5% which gets their buyin too. If its presented as a done-deal, then we are sunk.

Can openid be an "ongoing" grassroots movement, and now reflect the 5% of what is usually mostly about feel-good factors (i.e. vanity)?

I agree that non-technie interest in SSO is the key; and a unique selling point of SSO. I have a million realtors, as non-technie as it gets, infatuated with the promise of SSO. But , they are also a true grassroots movement, expecting a decentralized, user-centric, populist delivery (because that's how they are organized). Their very existence is a position of trust, for 100,000,000 consumers. They cannot and will not lie. They are dealing with the "public trust".

I think my ultimate message is this: once you unleash populism in a movement like openid, you can neither play the spin - game nor play politics for its own sake. You have to deliver.

-----Original Message-----
From: John Kemp [mailto:john at jkemp.net]
Sent: Thursday, September 10, 2009 8:06 AM
To: Peter Williams
Cc: openid-general at lists.openid.net
Subject: Re: [OpenID] Fwd: [dotnetopenid] DotNetOpenAuth announces support of the Government profile of OpenID

Hi Peter,

On Sep 10, 2009, at 9:40 AM, Peter Williams wrote:

[...]

>
> This is the wrong thread to say this: but the profile is not
> surviving the early shakedown test. I see its goals, tradeoffs and
> compromises. They are articulated well enough and with enough
> personality and passion for even me to suspend my normal assumption
> of deception and double dealing at *anything* USG does in the
> security/private arena. But, my gut is telling me that this profile
> of openid really is sacrificing the soul of the entire movement to
> win adoption. But, I;m also convinced from watching 3 years worth of
> subtexts that this was always the end goal of the leadership:
> dethrone SAML, usurp the crown, and do the same thing essentially
> with lighterweight technology sold with UCI-themed badge on the
> front -- to placate the plebs.

I think this is pretty unfair, to the "leadership" and everyone else
who has worked on OpenID.

I was involved with SAML from almost the very beginning (and before
that, other similar security-oriented protocols), and have followed
OpenID with just a little cynicism as I have watched the specification
grow and duplicate some of the work we did in SAML. But a very major
achievement of OpenID, which we did not ever -- or yet, anyway ;) --
get close to with SAML, is to get "ordinary people" (not techies, or
those working in specific "enterprisey" domains) interested in the
notion of SSO and online identity.

It is also (I think) quite excellent that the US government is taking
enough interest in the "grassroots" movement that has surrounded
OpenID to actually do something to include it in these profiles.

Of course there are corporate interests involved. And of course, the
government will ask for the features it wants. But this latter, at
least, is open to public scrutiny, and the former existed long before
the government chose to profile OpenID.

I recognize that there will be attempts to co-opt the grassroots
nature of OpenID, just as there always have been. And that there must
be compromises in order to gain adoption. Nothing new there.

As a soon-to-be citizen of the USA myself, I'm very happy to see the
US government do this, and I congratulate the OpenID "leadership" on
the efforts that made it possible.

Regards,

- johnk

More information about the general mailing list