<br>>> 1. Adoption of OpenID by relying parties isn't on-par with the amount of providers available. How would you improve that ratio?<br>Google has a few projects related to increasing the use of federated login including Blogger, FriendConnect, and our generic Google Accounts IDP. My focus, and also personal passion for years pre-Google, has been adoption of federated login by the 100 websites with the largest # of logged in users. 100 sites is not many compared to the much larger number of potential smaller sites that could become RPs, however I believe it will have more visible impact for average users. That group already understands the potential business value, but does not believe the technology is ready yet, especially from a usability perspective, and I think they are right. So I will continue to focus on identifying the improvements needed to convince that group to adopt federated login. I think other members of the current board, and candidates for the additional seats, are better positioned to increase the absolute number of RPs.<div>
<div><br><div>>> 2. What is it that should be done in order to have big providers like Google, Yahoo!, Microsoft rely on other operators?</div><div>This is best answered by a blog post I made right after Google announced our generic IDP.</div>
<div> <a href="http://google-code-updates.blogspot.com/2008/10/moving-another-step-closer-to-single.html">http://google-code-updates.blogspot.com/2008/10/moving-another-step-closer-to-single.html</a></div><div>In paragraph 4+ I try to explain that Google already is a relying party to thousands of domains in our AppsForYourDomain service, and from that experience we have learned that our rich-client apps are causing huge problems. We already have paying customers yelling at us about this, so we have to solve it, but it won't happen overnight. Microsoft/Yahoo, and even Plaxo, have the same problem.</div>
<div>The other challenge is how do we modify the Google Accounts login box. We have done a ton of research on that question, and think we may have hit on a good answer, however all the previous attempts we tried failed miserably so we certainly won't become an RP for our traditional consumer services until that issue is resolved.</div>
<div><br></div><div>>> 3. Do you think that a trust relationship framework should be created, similar to PKI auditing (or any other/similar idea) in order to allow relying parties easily trust on other operators? Or what would you suggest instead?<br>
</div><div>When I talk to top 100 websites, the trust issues for them are not about security. The trust issues are about the usability and reliability of the IDP. For example, Yahoo's updated IDP user experience is now quite simple, however the websites we talked to made it very clear they would never use Google as an IDP if we had a user experience like Yahoo's older one. But that still creates a problem for those websites to identify which IDPs provide a simple/reliable experience. Some of that may be addressed by SaaS vendors who run IDPs as a service like <a href="http://symplified.com">symplified.com</a>, Janrain, Ping Identity, MS Azure, etc. A mainstream website might trust any IDP who is hosted by a known SaaS vendor. However for the longer-tail we may see a need for companies who build a business out of validating the UI/reliability of IDPs and selling those lists to other websites.</div>
<div><br></div><div>>> 4. Do you think that instead of hiring an executive director, the load of the different tasks could be shifted to a small group of different persons instead (foundation management)? Would you view a such a scenario possible and perhaps more efficient? (Considering the amount to be paid for an ED, I suspect that many highly motivated and capable individuals from within the community or from outside could do a better job than one individual and receive fair compensation for their work.)<div>
In the near term there is a lot of administrative/head-banging work that has to be done, and I don't see how to avoid that. Longer term (6+ months), I expect one of the key roles of an ED in this space will be to serve as a more formal spokesman about OpenID to the press. In the last few months I have seen an increase in awareness of OpenID amoung mainstream websites, however that has actually hurt our community in some ways because most of those folks who became aware of it did more research and decided it was not in very good shape. One of our challenges is that OpenID addresses a bunch of possible use cases, and so our external messaging comes across as very muddied. As we solidify our approach to more of these use cases, we need an ED who can help us interact with the press and analysts to provide short/clear messaging about when and how OpenID should be used.</div>
<div><br></div><div>Eric Sachs</div><div>Senior Product Manager, Google Security</div><div><br><div class="gmail_quote">On Thu, Dec 4, 2008 at 5:14 AM, Eddy Nigg (StartCom Ltd.) <span dir="ltr"><<a href="mailto:eddy_nigg@startcom.org">eddy_nigg@startcom.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div text="#000000" bgcolor="#ffffff">
There are a few questions I'd like to ask the current nominees in order
to get a better picture about which ideas a nominee represents. Of
course the questions are specifically what I feel important:<br>
<br>
<ol>
<li>Adoption of OpenID by relying parties isn't on-par with the
amount of providers available. How would you improve that ratio?</li>
<li>What is it that should be done in order to have big providers
like Google, Yahoo!, Microsoft rely on other operators?</li>
<li>Do you think that a trust relationship framework should be
created, similar to PKI auditing (or any other/similar idea) in order
to allow relying parties easily trust on other operators? Or what would
you suggest instead?<br>
</li>
<li>Do you think that instead of hiring an executive director, the
load of the different tasks could be shifted to a small group of
different persons instead (foundation management)? Would you view a
such a scenario possible and perhaps more efficient? (Considering the
amount to be paid for an ED, I suspect that many highly motivated and
capable individuals from within the community or from outside could do
a better job than one individual and receive fair compensation for
their work.)<br>
</li>
</ol>
<br>
<div>-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a href="http://www.startcom.org" target="_blank">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a>startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org" target="_blank">Join the Revolution!</a></td>
</tr>
<tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</div>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br></div></div></div></div>