[OpenID] The death (and life) of a protocol
Peter Williams
home_pw at msn.com
Wed Aug 1 00:29:25 UTC 2012
About 2 or 3 years ago, I asked a Google rep on stage about its SAML support. And, it got a carefully worded reply. There was support (its there) without endorsment (i.e. suffrance). Folks had not developed their own style of design, or see it used and endorse. They were not vested in the SAML world, that is; and need to define a novel contribution. This year, the attitude had changed. It was: we said we would be multi-protocol, and there are various interfaces of various kinds for all to us. If you want it use the SAML endpoint; do so. If you want the other method, use the other. The time for warring about such matters is over. Each has its pros and cons, based on usage patterns. We have made our contribution, and it is good. WHich is not to say that others dont have equally good use case stories.
The point is that this all this software side of this topic is now commodity (and one can thank Facebook Connect for changing the market dynamics, from federation to SSO portals), and at said point there is now nothing particularly to be gained from vendor folks making vacuous, spurious claims about one bit format over another; or mis-characterizing some other flow as somehow "wholly inappropriate, dead, and always misguided anyways (paraphrasing)".. Now what matters is (i) that those who are more traditional in their management model leverage the more traditionally-architected method, and (ii) those who are device centric perhaps use the tuned-protocol that just does better at devices. Arguably, some folks may (or may not) want to use a hosted proxy, called openid connect - as a wholly legitimate third option for integration. What matters is that the case has been made for national SSO, and an entire economy can now develop. The winners are obvious. Now, I know it were some inside jokes be cast (kings being dead, etc); but one has to reconize that openid is expected to be a major player, handling the public trust. That a big responsibility for a trade grop. If one agrees to be part of a world of multi-protocol support, one needs to be careful with the jokes, or reference to articles that play up differences (who won, who lost, whose ego is stroked). Such is not where government service vendors - acting in the public interest - want to be. Date: Tue, 31 Jul 2012 23:49:07 +0200
From: sassen at thinsia.com
To: openid-general at lists.openid.net
Subject: Re: [OpenID] The death (and life) of a protocol
The Facebook user having her pip
private internet portal where credentials are stored and just
chooses her profile to enter
her favorite virtual world does not know protocols and peter and
david.
cheers, Roland
On 31-7-2012 22:16, Peter Williams wrote:
I know many thousands read you newsletters. And, there you lead
opinion. Thats your job.
But what is the opinion - that some bit of technology got old?
Wow. This only happens about once every 18 months, down from
every 24 months. Thats about how long software technology
initiatives last. But, some do strike a chord - and last longer.
What are they, in this area? Or is the latest thing just
"another" fad?
I was at a conference recently, less than a month ago, that
featured a number of opinion makers. Some USED to be SAML
opinion makers (but now no longer are). In fact, some were about
as high-ego about SAML as others now are about not-SAML. But who
cares? We have a bunch of engineering types riding this years
wave vs last year's wave - wave's that typically only lasts 2-5
years if the technology gets off the ground, at all.
Being slow, and ponderous, and given my space has years and
years of legacy attitudes to contend with just as the US Navy
has to design today considering those ships that were fitted out
20 years ago, it doesnt help me sell to my folks the latest wave
if the wave that was (last year's wave, ot the wave from 5-10
years ago in my space seeing as we are slow) is now dissed
before half of them even adopted the old stuff ago. Folks just
wait on hearing the very "tone", assuming the latest fad is just
as bad the fad that got dissed.
SAML is a part of the US national infrastucture strategy for id
- a multi-community political consensus built on a rationale
that looks 5 years back and 5 years forward, at the same time.
If Openid community is in a (marketing) war over mindshare, it
missing the strategy and is renaging on its part in that
political agreement - by failing to act in a mature way. Once
standards move from vendors agitating for mindshare at
conferences to a world of participating in national and
international planning, folks have to transcend the somewhat any
an all childish pettiness (my standard is better than yours, so
there).
What I want to hear from David Kearns is what it is that OAUTH
and later era designs have, that SAML did not have, and what it
was in the the world that changed on SAML (showing up how its
assumptions tied it to a world that did not sustain). With that,
I will know the differences due to the excellence in innovation
or understanding. I think I know the why it was, but I want
education - not tied to a vendor with an angle. I dont want to
exchange a standard notating bits with another standard notating
bits in a different order. WIth that I will know how to better
evaulate this years bunch of vendors doing marketing of this or
that mindshare message. I know how to stay focussed on a
national strategy. I have a way to stay above vendor bickering,
or standards groups bickering.
> Date: Tue, 31 Jul 2012 15:42:10 -0400
> From: dkearns at gmail.com
> To: openid-general at lists.openid.net
> Subject: Re: [OpenID] The death (and life) of a protocol
>
> Peter, Peter, Peter, you ignorant slut (to paraphrase Dan
Akroyd) -
>
> No one pays a penny to read my newsletters, but many
thousands do read
> them (perhaps because they don't have to pay - who knows?)
>
> It's an opinion piece exactly because that's what the
newsletters
> promise to my readers - my opinion. And the event was last
month, not
> last year (did you read the newsletter?)
>
> Judging from the twitter stream and the comments on this
newsletter,
> it's hard to take it as "the pulse of some community". More
like
> swimming against the tide.
>
> What, exactly, was it I was supposed to tell you a year
ago?
>
> -dave
>
> On 7/31/2012 3:06 PM, Peter Williams wrote:
> > I didnt like tone of the Kearns et al brigade, off
selling
> > subscriptions to a newsletter full of opinion pieces.
It reminds me of
> > a journalist who does nothing but take pulses of some
community to
> > which he is invited, and writes about them in a leader
piece. If that
> > community is swinging one way, the journalist opines
how great it is.
> > If it swings the other, the same journalist says how
awful it is.
> > There was nothing the journlist was adding (other than
reporting is
> > attempting to swing some opinion). It reminds me of
the 1996 era when
> > we used to give journalists (or their editors) stock
options, to place
> > stories about how wonderful were digital ids.
> >
> > I can sell you an opinion for 5c, too. And thats all
its worth. In
> > fact, mine are free (being worthless).
> >
> > So when someone descends into the "SAML is dead" line
of journalism,
> > save your 5c and spend it elsewhere. Save up a dollar,
and find a
> > better source of information that is not selling you
the time on the
> > wall clock in front of everyone.
> >
> > Recently, in our world we were able to understand
OAUTH 2.0 (and
> > thanks to Microsoft for getting the articulation of
the business
> > rationale down pat, and Google-land for forcing
security for web APIs
> > to be distinct from security for enterprise-3-tier
APIs.). Its a shame
> > that certain journalists who were in a position to
educate (a year+
> > ago) didnt do so, merely writing pat story lines for
impact.
> > Presumably, another conference invite is at stake, on
the high-ego,
> > never ending conference circuit (of faux-opinion
makers largely
> > talking to each other about what someone else is
doing).
> >
> > There may be a market for second and third hand
information, about
> > last years events. And, Ive no objection to someone
making a profit.
> > But, openid might want to stay in the forground and on
the leading
> > edge, and stay away from talking about last year's
events.
> >
> > Now I should end nicely, with praise. Kearns can
write, beautifully. I
> > just find he has nothing to say on the topics that
matter, today.
> >
> > > From: sakimura at gmail.com
> > > Date: Tue, 31 Jul 2012 10:24:45 -0700
> > > To: board at lists.openid.net;
openid-general at lists.openid.net
> > > Subject: [OpenID] The death (and life) of a
protocol
> > >
> > > An excellent article by Dave Kearns.
> > >
> > >
> >
http://blogs.kuppingercole.com/kearns/2012/07/31/the-death-and-life-of-a-protocol/
> > >
> > > But the needs of the enterprise are also
important, and the improved
> > > versions of these protocols – OpenID Connect and
Oauth 2.0 – are the
> > > future.
> > >
> > > SAML was king, at least in the opening decade of
the 21st century, but
> > > the king is dead. Long live the king!
> > >
> > > Nat Sakimura
> > > _______________________________________________
> > > general mailing list
> > > general at lists.openid.net
> > >
http://lists.openid.net/mailman/listinfo/openid-general
> >
> >
> > _______________________________________________
> > general mailing list
> > general at lists.openid.net
> >
http://lists.openid.net/mailman/listinfo/openid-general
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
_______________________________________________
general mailing list
general at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general
No virus
found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2197 / Virus Database: 2437/5167 - Release Date:
07/31/12
_______________________________________________
general mailing list
general at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20120731/60c710ba/attachment.html>
More information about the general
mailing list