[OpenID] One developer's first encounter with account chooser (openid connect?)

Nat Sakimura sakimura at gmail.com
Thu Oct 18 22:42:24 UTC 2012


You do not need a membership of OIDF to join a work group.
For a work group to take up any technical content, the author of the
content has to sign the IPR Contribution Agreement, and that is the only
requirement. I am sure you understand we need the contribution agreement,
since otherwise it may cause IPR pollution and cause a lot of problems down
the road. As such, the WG cannot incorporate any comments made on the General
list, as it is not IPR protected.

Wrt the implementations, the AC WG is working on the spec that people can
implement independent of Google toolkits.
So, eventually, you will start to see other implementations from other
people than Google.

Nat

On Fri, Oct 19, 2012 at 5:06 AM, Peter Williams <home_pw at msn.com> wrote:

> Thank you, but no. General comment is my limit, given the wider implications
> of membership, etc. General comment is what this list is for.
>
> But, to be fair to Google, I did conclude my original idea (simply making
> WordPress talk to an IDP, leveraging the Account Chooser intermediation,
> with auto-account creation). I wrote up my own little efforts at a trial at
> http://wp.me/p1fcz8-30a. It says... the technology works. Then some of
> the implications of “working” integration are explored, without being
> academic.
>
> If I was more sociable, perhaps I'd have been on some Account Chooser or
> WordPress plugin list that could have given direction, earlier. At the same
> time, by operating blind, it's been useful to view the integration very
> skeptically. Questioning the policy implications of the intermediation
> service came about from the nature of the technology integration
> itself, being obvious. I’m left with a stronger question to now ask: would
> I want it (now it works)?
>
> It's been a little unfair to target Google and so publicly be critical -
> since their enforcement technology is so clearly well done (and it's all
> probably still formally a beta rollout). Clearly, national-scale mandatory
> security policy enforcement via websso has taken a strong leap forward. The
> questions now are: are the TTPs policy rules right? Where is involvement of
> a TTP-class IDP or IDP trust broker even appropriate?
>
> Do any other vendors have public trials? I'd like to figure if the policy
> enforcement is essential to the OpenID Connect concept, or it's just a
> Google value add (for its business model). If I think back to our first
> efforts with SAML, the VERY first thing we did was abandon the Shibboleth
> community’s policy control concept...the abandonment of which turned out
> crucial for the adoption of websso in a more decentralized (and
> economically vital) community with a strong aversion to centralized policy
> management ... of ANY kind. The same kinds of questions are increasingly
> pertinent for OpenID Connect, evidently.
>
> Sent from Windows Mail
>
>  *From:* Nat Sakimura
> *Sent:* October 17, 2012 6:44 PM
> *To:* Peter Williams
> *CC:* openid-general at lists.openid.net
> *Subject:* Re: [OpenID] One developer's first encounter with account
> chooser (openid connect?)
>
> Perhaps you can join Account Chooser WG and give your formal feedback so
> that the WG can incorporate them?
>
> Nat
>
> On Thu, Oct 18, 2012 at 4:03 AM, Peter Williams <home_pw at msn.com> wrote:
>
>> In a word: frustrating. http://wp.me/p1fcz8-2YW. It was frustrating on
>> multiple levels.
>>
>> Obviously the code is fixable, but one worries about the very "idea" -
>> there seems a desperation in the desire to remove local IDPs - including
>> those granting access to privileged administrator configuring (broken)
>> federated logon!
>>
>> To be fair, the default Microsoft ASP.NET web app project built by the
>> released version of Visual Studio 20102 doesn't work, either - when taking
>> up the federated (OAUTH/openid) login option and its display of a set of
>> IDPs, configured locally. It doesn't even compile, link and load! Thus, I
>> have not even got so far as to work with its attempt to showcase OpenID Connect,
>> or see if things interwork yet with Google's implementation, etc.
>>
>> Sent from Windows Mail
>>
>>
>> _______________________________________________
>> general mailing list
>> general at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-general
>>
>>
>
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en