<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hey Eddy,<div>As others have said, thanks for this thread. Responses inline...</div><div><br></div><div>--David</div><div><br><div><div>On Dec 4, 2008, at 5:14 AM, Eddy Nigg (StartCom Ltd.) wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"> <div text="#000000" bgcolor="#ffffff"> There are a few questions I'd like to ask the current nominees in order to get a better picture about which ideas a nominee represents. Of course the questions are specifically what I feel important:<br> <ol> <li>Adoption of OpenID by relying parties isn't on-par with the amount of providers available. How would you improve that ratio?</li></ol></div></blockquote><div>The areas I've focused on the past few years have been getting OpenID into the tools that developers and website builders are already using. This means more than just having good Open Source libraries in a dozen different languages, but making it dead simple to add OpenID to your Rails app, Django app, MediaWiki install, blog, etc. The Bounty program was designed to help achieve this and while we haven't awarded all of the bounties, after a year it started to drop off of people's radar I think it was an effort in the right direction. Today, my laptop running stock OS X 10.5 includes a Ruby on Rails development environment with about a dozen Ruby Gems (packages) where one is a Yadis library and another for OpenID.</div><div><br></div><div>Going forward, I think we need to focus on multiple aspects to increase the number of relying parties and shift the balance toward more notable sites like MapQuest.com:</div><div><br></div><div>1) The Foundation should facilitate the improvement of Open Source implementations of OpenID. The past few months I've been hearing that the current libraries are no longer at the level they need to be and <a href="http://openidenabled.com/">http://openidenabled.com/</a> seems to have partially turned into an ad for JanRain's RPX. The OAuth community has been successful in having a shared Google Code project where all of the open source implementations in each language live and are maintained. I tried to do this a few years ago with moving the libraries into a project in the Apache Software Foundation but that fell apart.</div><div><br></div><div>2) It isn't currently as clear as it could be *how* to implement OpenID on your site following best practices. Joseph Smarr wrote a guide two years ago (<a href="http://www.plaxo.com/api/openid_recipe)">http://www.plaxo.com/api/openid_recipe)</a> which is now out of date and Simon Willison and I gave a 3-hour tutorial (<a href="http://www.slideshare.net/daveman692/openid-bootcamp-tutorial">http://www.slideshare.net/daveman692/openid-bootcamp-tutorial</a>) with nearly 100K views which is also out of date though those are currently some of the best resources. The Foundation needs to continue facilitating the development of best practices to make it easier for developers, designers and product managers to understand how to implement OpenID logins on their site. I'm also working with Laurie Rae on writing a book for O'Reilly (which will become Creative Commons) to help document some of this stuff.</div><div><br></div><div>3) The value of accepting OpenID logins needs to be increased. Facebook Connect clearly provides access to profile information and a way for site owners to virally share activities. In my mind, this is the largest task that OpenID, OAuth, and OpenSocial will need to address collectively next year.</div><div><br></div><div>4) The Foundation should continue holding meetings like the Content Provider one in NY a few months ago to work with Relying Parties and understand what they need to be successful with OpenID. We should be proactively approaching potential Relying Parties and holding open meetings in a variety of cities.</div><div><br></div><div>5) The Foundation should be in contact with analysts to help them better understand the space and what value OpenID offers.</div><div><br></div><blockquote type="cite"><div text="#000000" bgcolor="#ffffff"><ol start="2"> <li>What is it that should be done in order to have big providers like Google, Yahoo!, Microsoft rely on other operators?</li></ol></div></blockquote><div>Time. These companies each have their own internal issues to work out and I have confidence that they will. No one thought that they would become Providers in the first place, but I remember spending nearly a year working with Yahoo! helping the team formulate their business case to upper management and then figuring out their implementation. The Foundation and Community must be supportive of these companies understanding that they can't do something at the speed of a startup while we offer as much help as they're willing to accept.</div><div><br></div><div>Just as we need to work with potential Relying Parties to better understand what they need to be successful with OpenID, we need to do the same thing with these Providers.</div><div><br></div><blockquote type="cite"><div text="#000000" bgcolor="#ffffff"><ol start="3"> <li>Do you think that a trust relationship framework should be created, similar to PKI auditing (or any other/similar idea) in order to allow relying parties easily trust on other operators? Or what would you suggest instead?</li></ol></div></blockquote>Ignoring the technical side of this, I do think that we'll reach a point where Relying Parties will need to learn more about how trustworthy a given user or their Provider is. I don't believe that the OpenID Foundation should be running such a trust network, certification, or accreditation programs.<br><br><blockquote type="cite"><div text="#000000" bgcolor="#ffffff"><ol start="4"><li>Do you think that instead of hiring an executive director, the load of the different tasks could be shifted to a small group of different persons instead (foundation management)? Would you view a such a scenario possible and perhaps more efficient? (Considering the amount to be paid for an ED, I suspect that many highly motivated and capable individuals from within the community or from outside could do a better job than one individual and receive fair compensation for their work.)</li></ol></div></blockquote><div>I think that it's important to have accountability when any group of people are being paid to do something. As the board is made up of a group of volunteers, I do believe that having a paid ED is needed to really move the organization forward. In the past I've thought about how this role could be split up, but today I think our focus must be on getting a strong ED on board who can execute and show the value of the Foundation.</div><div><br></div><blockquote type="cite"><div text="#000000" bgcolor="#ffffff"><ol start="4"><li><br></li></ol> <div class="moz-signature">-- <br> <table border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <td colspan="2">Regards </td> </tr> <tr> <td colspan="2"> </td> </tr> <tr> <td>Signer: </td> <td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td> </tr> <tr> <td>Jabber: </td> <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td> </tr> <tr> <td>Blog: </td> <td><a href="http://blog.startcom.org">Join the Revolution!</a></td> </tr> <tr> <td>Phone: </td> <td>+1.213.341.0390</td> </tr> <tr> <td colspan="2"> </td> </tr> </tbody> </table> </div> </div> _______________________________________________<br>general mailing list<br><a href="mailto:general@openid.net">general@openid.net</a><br>http://openid.net/mailman/listinfo/general<br></blockquote></div><br></div></body></html>