<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Peter,<br>
<br>
For me Open Source is about the source, An Open Standard is about the
standard. GPL is an open source license (for the legal stuff). Policy
and practice statements have certainly nothing to do with open...<br>
<br>
Communities are communities...there are many different kinds of.
Needless to point out where this comes into play at many of the open
source projects, but there is open source without a community and there
are communities without any source.<br>
<br>
CAcert is a (not so open) community which runs a web-of-trust; no open
standard and no open source. And since you touched the word
"obligations" below, at CAcert there are no obligations. There isn't
any liability either and if you have worked with volunteers in any/most
community projects than I'm sure you know where the commitments end...<br>
<br>
Perhaps what OpenID is, somebody else knows to define better than me,
but right now for me it seems to be an open standard. Similar as
Jabber/XMPP is an open standard. Or many other open standards out
there...<br>
<br>
<div class="moz-signature">-- <br>
<div><font face="Arial" size="2">Regards</font></div>
<div><font face="Arial" size="2"> </font></div>
<div><font face="Arial" size="2">Signer: Eddy Nigg, StartCom Ltd.</font></div>
<div><font face="Arial" size="2">Jabber: <a class="moz-txt-link-abbreviated" href="mailto:startcom@startcom.org">startcom@startcom.org</a></font></div>
<div><font face="Arial" size="2">Phone: +1.213.341.0390</font></div>
</div>
<br>
<br>
Peter Williams wrote:
<blockquote
cite="mid:18498B6C4F691545B050D6A531BA449502BAA423@rapmsg02.rapnt.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.q
{mso-style-name:q;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></b></p>
<p class="MsoNormal"> Also CAcert has nothing - I repeat NOTHING - to
do with
"Open Source" whatsoever, but CAcert is a community operated
web-of-trust scheme.<br>
<br>
<span style="color: rgb(31, 73, 125);">--------------------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">This got
me thinking, all
afternoon. Open Source means folks writing software, one might infer.
So, why
did I feel right to use the term?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">In my
view, Open Source means writing
legal agreements (a form of software). Use of community property begets
certain
obligations.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Open
Source means writing
federation policies. Use of community property begets certain
obligations.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Open
Source means developing/writing
certification practice statements? Use of community property begets…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">It’s a
state of mind, surely: not
merely the ability to be a god of Unix device drivers.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">If OpenID
- as a vendor-led community
– is heading for the fully de-centralized infrastructure vision that is
implied
by its technological potential, OpenID folk and CAcert folk should
actually get
on fine – old PKI wars about browsers and certs, aside.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">If OpenID
infrastructure turns
out to emulate in its default trust models that used when delivering
https in webland
today (or more viciously, vendor clubs rig the infrastructure with
lobbying funds
so it adopts the “mega-TTP model”), CAcert folks will be in exactly
the same
position with OpenID as they are with the vendors of browsers for the
public:
outcast.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">This has
been actually been an
excellent use case analysis. Organized realty has folks with actual,
analogous approach
to trust management as that being investigated by the CAcert community
in PKI.
Like such people or despise their view on life, they are present and
entirely valuable
participants in the Realty world – at least. We will love you, if
no-one else
will! Folks may not realize it, but 1.3 million Realtors are amongst
the world’s
best social networkers. Each individual’s commission check at the end
of the
next month depends solely on that exhibiting that skill. At the same
time, each
Realtor is in competition with the one up the road, as are broker
offices, and
as our towns vying for deals in that suddenly interesting parcel of
land that
was desert, 30 years ago. So, lots of interesting,
local-community-driven trust
practices have evolved over the last 30+ years of online brokering.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Mental
note to self: OpenID, at
least when applied to de-centralized realty’s private management
domain, has
to show it can adopt, extend and live happily with a CAcert approach to
trust
management (as well as other means, such as assurances-based
evaluation). After
all, SAML2 had no problem; and is functionally identical to OpenID. If
OpenID in
practice comes overly loaded with a preset set of ideas about how
Realty shall
orchestrate trust management, it might well not be suitable for
adoption. But,
finding this out is exactly why I’m here, and why several of us are
reaching
out to OpenIDers!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
</div>
</blockquote>
<br>
</body>
</html>