[OpenID] review of 5 years of openid. What worked?

Melvin Carvalho melvincarvalho at gmail.com
Sun Aug 19 16:38:30 UTC 2012


On 19 August 2012 17:50, Peter Williams <home_pw at msn.com> wrote:

>
>
> On
> http://chris-intel-corner.blogspot.com/2011/10/typex-investigation-wwii-mystery.html#comment-form
> I happened to post off an openid-powered comment - on a topic of my
> interest - linking back to the war of crypto groups and related groups
> involved in deception and counter-deception.
>
> Wordpress nicely signaled SSO packets to blogger, and indeed blogger
> insisted I passed a local captcha challenge. 2 blogging platforms
> (painfully) did SSO, with no prior arrangement for my account. This was the
> first time I encountered this all actually working, armed and relevant (vs
> "managed cases" I've encountered when playing software engineer,
> on testing things).
>
> So did the "blogging platform" vision of openid work? Did the blog world
> (and openid) change SSO... and the nature of the global id debate?
>
> On the basis of the evidence I found from deployed practice in blogging
> world: no. It was far too painful, limited, and with too many caveats. If I
> compare it with my websso signon to live.com (and msn.com, and bing.com)
> which powers my voice calls, video sharing, email, and IM (and even
> something called facebook integration) the openid experience "from
> blogging" was a poor cousin.
>
> At the same time, when I opened the brand new release of Microsoft 2012
> developer software this week, what do we find being given to a few million
> vb programmers but the standard web application builder wizard producing
> code for a stub web-app that has SSO built into its login button handlers
> (with openid - that which, on cue, certain UK academics declared a dead
> duck - recall). Trivially, it was talking to google's openid IDP,
> twitter's oauth IDP, and via ws-fedp to my directory IDP, my own web app
> IDP, and even the Microsoft cloud IDP relay (with its home realm UI
> selector, for jquery-friendly IDP selector popups). Apparently, if you have
> money and sheer willpower, it can be made to talk to the Shibboleth-centric
> world of SAML2, too.
>
> So ... wow! SSO in blogging may not have made it... but the protocol made
> it! Clearly.
>
> Now what there was NOT ... in any of that success was "openid connect".
>
> I guess that openid connect will be better received ONCE the community
> counts amongst its success all its previous incarnations ... such as those
> described above. It has to be proud of all its history, not just the latest
> deliverable.
>
> What seems to have finally "re-sounded" is the openness - and the ability
> for folks to now go pursue lots of integration styles. And, not, just one.
>
> I think I may award openid Peter's "self-signed cert" medal - that honour
> bestowed on movements who liberate a technology from tech-religion,
> proprietary controls, patents, spooky committee-land, and all manner of IP
> constrictures around commodity-crypto applications.
>
> Just like there are a million or so private CA with self-signed certs on
> LANs that no one accounts for, and who knows how many home routers with a
> self-signed SSL server cert, let's now go estimate how many twitter-based or
> microsoft-based or google-based oauth-apps come into being in private LANs
> (that no one accounts for, being non-public domain-names). This is the real
> test .. adoption by open and ungoverned crypto technology adopting group
> (for some commodity convenience).
>
> Of course, given a liberated platform, folks in certain sub-communities
> get to impose medium and high assurance regulation on top - which is just
> fine too (given some identified need for better assurance).
>

I think what worked best with OpenID is the message that we need an Open
Identity system for the Web, rather than something
proprietary/bespoke/centralized.

Perhaps it could be argued by some, that due to politics, the vision was
never quite fully realized.

But I think it has been a good try.  Certainly the conversation has moved
forward in that time.
