[OpenID] The death (and life) of a protocol

Peter Williams home_pw at msn.com
Tue Jul 31 20:16:33 UTC 2012 

I know many thousands read you newsletters. And, there you lead opinion.  Thats your job.
 
But what is the opinion - that some bit of technology got old? Wow. This only happens about once every 18 months, down from every 24 months. Thats about how long software technology initiatives last. But, some do strike a chord - and last longer. What are they, in this area? Or is the latest thing just "another" fad?
 
I was at a conference recently, less than a month ago, that featured a number of opinion makers. Some USED to be SAML opinion makers (but now no longer are). In fact, some were about as high-ego about SAML as others now are about not-SAML. But who cares? We have a bunch of engineering types riding this years wave vs last year's wave - wave's that typically only lasts 2-5 years if the technology gets off the ground, at all. 
 
Being slow, and ponderous, and given my space has years and years of legacy attitudes to contend with just as the US Navy has to design today considering those ships that were fitted out 20 years ago, it doesnt help me sell to my folks the latest wave if the wave that was (last year's wave, ot the wave from 5-10 years ago in my space seeing as we are slow) is now dissed before half of them even adopted the old stuff ago. Folks just wait on hearing the very "tone", assuming the latest fad is just as bad the fad that got dissed.
 
SAML is a part of the US national infrastucture strategy for id - a multi-community political consensus built on a rationale that looks 5 years back and 5 years forward, at the same time. If Openid community is in a (marketing) war over mindshare, it missing the strategy and is renaging on its part in that political agreement - by failing to act in a mature way. Once standards move from vendors agitating for mindshare at conferences to a world of participating in national and international planning, folks have to transcend the somewhat any an all childish pettiness (my standard is better than yours, so there).
 
What I want to hear from David Kearns is what it is that OAUTH and later era designs have, that SAML did not have, and what it was in the the world that changed on SAML (showing up how its assumptions tied it to a world that did not sustain). With that, I will know the differences due to the excellence in innovation or understanding. I think I know the why it was, but I want education - not tied to a vendor with an angle. I dont want to exchange a standard notating bits with another standard notating bits in a different order. WIth that I will know how to better evaulate this years bunch of vendors doing marketing of this or that mindshare message. I know how to stay focussed on a national strategy. I have a way to stay above vendor bickering, or standards groups bickering.
 
> Date: Tue, 31 Jul 2012 15:42:10 -0400
> From: dkearns at gmail.com
> To: openid-general at lists.openid.net
> Subject: Re: [OpenID] The death (and life) of a protocol
> 
> Peter, Peter, Peter, you ignorant slut (to paraphrase Dan Akroyd) -
> 
> No one pays a penny to read my newsletters, but many thousands do read 
> them (perhaps because they don't have to pay - who knows?)
> 
> It's an opinion piece exactly because that's what the newsletters 
> promise to my readers - my opinion. And the event was last month, not 
> last year (did you read the newsletter?)
> 
> Judging from the twitter stream and the comments on this newsletter, 
> it's hard to take it as "the pulse of some community". More like 
> swimming against the tide.
> 
> What, exactly, was it I was supposed to tell you a year ago?
> 
> -dave
> 
> On 7/31/2012 3:06 PM, Peter Williams wrote:
> > I didnt like tone of the Kearns et al brigade, off selling 
> > subscriptions to a newsletter full of opinion pieces. It reminds me of 
> > a journalist who does nothing but take pulses of some community to 
> > which he is invited, and writes about them in a leader piece. If that 
> > community is swinging one way, the journalist opines how great it is. 
> > If it swings the other, the same journalist says how awful it is. 
> > There was nothing the journlist was adding (other than reporting is 
> > attempting to swing some opinion). It reminds me of the 1996 era when 
> > we used to give journalists (or their editors) stock options, to place 
> > stories about how wonderful were digital ids.
> >
> > I can sell you an opinion for 5c, too. And thats all its worth. In 
> > fact, mine are free (being worthless).
> >
> > So when someone descends into the "SAML is dead" line of journalism, 
> > save your 5c and spend it elsewhere. Save up a dollar, and find a 
> > better source of information that is not selling you the time on the 
> > wall clock in front of everyone.
> >
> > Recently, in our world we were able to understand OAUTH 2.0 (and 
> > thanks to Microsoft for getting the articulation of the business 
> > rationale down pat, and Google-land for forcing security for web APIs 
> > to be distinct from security for enterprise-3-tier APIs.). Its a shame 
> > that certain journalists who were in a position to educate (a year+ 
> > ago) didnt do so, merely writing pat story lines for impact. 
> > Presumably, another conference invite is at stake, on the high-ego, 
> > never ending conference circuit (of faux-opinion makers largely 
> > talking to each other about what someone else is doing).
> >
> > There may be a market for second and third hand information, about 
> > last years events. And, Ive no objection to someone making a profit. 
> > But, openid might want to stay in the forground and on the leading 
> > edge, and stay away from talking about last year's events.
> >
> > Now I should end nicely, with praise. Kearns can write, beautifully. I 
> > just find he has nothing to say on the topics that matter, today.
> >
> > > From: sakimura at gmail.com
> > > Date: Tue, 31 Jul 2012 10:24:45 -0700
> > > To: board at lists.openid.net; openid-general at lists.openid.net
> > > Subject: [OpenID] The death (and life) of a protocol
> > >
> > > An excellent article by Dave Kearns.
> > >
> > > 
> > http://blogs.kuppingercole.com/kearns/2012/07/31/the-death-and-life-of-a-protocol/
> > >
> > > But the needs of the enterprise are also important, and the improved
> > > versions of these protocols – OpenID Connect and Oauth 2.0 – are the
> > > future.
> > >
> > > SAML was king, at least in the opening decade of the 21st century, but
> > > the king is dead. Long live the king!
> > >
> > > Nat Sakimura
> > > _______________________________________________
> > > general mailing list
> > > general at lists.openid.net
> > > http://lists.openid.net/mailman/listinfo/openid-general
> >
> >
> > _______________________________________________
> > general mailing list
> > general at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-general
> 
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general

 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20120731/f4e8f6b3/attachment.html>

More information about the general mailing list