[OpenID] OpenID Providers Invited to Join in an NSTIC Pilot Proposal

Mon Feb 13 18:47:26 UTC 2012

One thing  that terrifies me (about NSTIC) is that its going to be an agenda-fest - for 1000 different agendas. Some of them are very technical. Some folks want a world in which this or that technology is used (being all about the web). Folks dont seem to realize that NSTIC is not limited to the web (or is about web browsers). Some people want to get on an lets kill microsoft bent (becuase they may feel NSTIC is all about open source software manufacturing business models). Other people, may want to pursue this or that standard (e.g. HTML5). Some of them are going to be non-technical (how do folks pursue a mindshare agenda, or a cyberwar positioning, or an anti-Chinese, pro-Indian state dept policy, on this or that or the other).

Some folks will also be gtrying to move us beyond the models that failed (PKI, etc); others will be wanting to object to the term "failure" associated with the label PKI. Some smartcard firms may feel the whole play is about FIPS 201. Other may feel that only the "model" of openid being pursuded in the various committees of this group are relevant (and what wordpress or b log spot do when "blog commenting" is no longer "valid").

Some folks are trying to solve the evil-CA problem (how can be ensure that some CA sells it root key, and now abyone can guy a cert for $20 based on domain-name check); which pollutes the quality of interaction with OpeniD providers (which leverage https, for secure discovery).

Obviously, for funds at $10m, little or none of the above is going to get settled. So what can the funds do (without starting 1000 religious wars)?

its pretty clear from the criteria that the funds are there for folks who are "in the mindset" of the program (and not merely wanting the program to be picking their particular 1 agenda - to be the right one of the 1000 religious agendas to be fought).

I read Dons missive carefully. And, its clear that openid foundation does have a common mindshare with NSTIC (having been mentored, for the last 2 years...). Presumably, the larger foundation members also share that common mindshare, to at least a minimum degree. The program that could be "endorsed" by the foundation have to be pursuing the future-looking work on the foundation (and not merely deploying with some widget advantage the openid we all saw written up 3 years ago).

ive seen so far only 1 project so far that (were I the funding authority) Id classify as "being in the mindset" of the program (and portentially eligble for some funds). It was actually in a particular subgroup of the webid project, that not only hooked up SSL and client certs along with openid transactions, but did something rather more (than merely that). It attempted to show that another latent infrastrcuture (the linked data version of the web) is "not far off" playing the role that the X.500 played for DoD and NATO backroom infrastructure, 20 years ago. If I put this together, the world of https, modern openid, forward looking openid with RP popups and privacy-policy management for attributes enable me to "envision" there being a "national infrastructure" - similar to the north american numbering plan, the USPS + CanadaaPost + Mexican Post, the GPS, or wireless specturm management folks, the highway engineering standards board, ...

nbut, I think we havre to look at this as a "what is the national infrastructure" - not how do we do it, competing away on some agenda or other.

of course, someone will say that I just defined a particular agenda. But, such is the life of a funding officer on the policy/technology boundary. Any one persons "useful" boundary is someone else's nemesis.

If we think like the poor funding officer in the program office, perhaps it will help. What character of proposal make it possible for him/her to make a decision (and one that lots of folks can applaud,  even if you are not the recipient of some funds yourself). i think this is what is necessary, on this particular funding plan. It has to speak above and beyond the tech-wars (and Don made this point nicely, in his missive). It has to be painting a tone poem that expresses its idea, and *not* executing it -  beyond a proof of concept stage.