An additional thought...<br><br>If we were willing to concede that large OPs such as Microsoft, Google and Yahoo! will be around forever and will never charge their users for their OpenIDs, then perhaps we could do away with the technological hurdle and just work at convincing these big players to be willing to use XRDS docs instead of mere HTML tags and give their users the power to change the XRDS document (including adding and removing of OPs from the list). The purpose being that if I had an OpenID that I was locked into using due to existing accounts with RPs such as <a href="http://openid.live.com/andrew">http://openid.live.com/andrew</a> and I wanted to switch from Live ID to Yahoo, then I could just visit my Live ID identity page, change a few options, and suddenly my Live ID identity page will start sending RPs to Yahoo instead of Live ID auth.<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Thu, Jan 1, 2009 at 7:49 PM, Andrew Arnott <span dir="ltr">&lt;<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Peter, I split your message off into a new thread because you bring up an excellent point that I believe merits further discussion, but is less related to the original thread.<br><br>I just want to add a few thoughts, all of which center on the <i><b>average</b></i> user.<br>
<br>First allow me to declare my assumptions on the average user:<br><ol><li>Will not own a domain name of their own and will not want to pay an annual domain name fee.<br></li><li>Will not understand what a web hosting service is</li>
<li>Will not understand XRDS or HTML tags.</li><li>(currently) Barely understands how they can log into some random site using their Yahoo! credentials, and doesn't know or care whether OpenID is used behind the scenes.</li>
<li>(currently) Has not heard of OpenID and has no idea how to log in with one.</li><li>(soon) Might use OpenID without knowing it by clicking on a big name OP that they're familiar with and using directed identity.</li>
</ol>Two ideals in OpenID (not a comprehensive list)<br><ol><li>OpenID achieves the decentralization of identity providers. Kudos.</li><li>OpenID promises provider-neutrality of your identity by allowing identity pages to be hosted independent of any OP that can be easily redirected to whatever OP the user wants to use.<br>
</li></ol>Both of these ideals of OpenID are very worthwhile and desirable IMO. But the second one cannot possibly come true for the average user as far as I can imagine. There is <i>no</i> way to have a Claimed Identifier that can withstand a change in its hosted provider unless the user owns his own domain name. The average user won't know that they should (let alone <i>how</i>) add a layer of indirection to their OP-provided identity page in order to give themselves greater flexibility in the future and avoid vendor lock-in. <br>
<br>The only way to achieve the second ideal then would be for the OPs to somehow have the capability to offer their users a Claimed Identifier that will survive even if the user chooses to cancel their account with that OP at a later date. Even if this were technologically possible, convincing the major OPs (that most users will pick whether knowingly or unknowingly) to offer all their customers a default behavior that would make it easier for the customer to leave the OP would be very difficult. From the OP's business perspective it wouldn't make sense to do that. But of course from the user-perspective it makes perfect sense and should be done.<br>
<br>I used to think that XRIs were the answer to the technological hurdle. But unless the user is paying an annual fee for a root-level i-name and hosting the XRDS doc, the user is bound by an =<i>OP*</i>name prefix to their i-name and therefore forever bound to that OP for their identity.<br>
<br>Can anyone else suggest a solution to the technological and business problems associated with achieving ideal #2?<br><br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Thu, Jan 1, 2009 at 6:30 PM, Peter Williams <span dir="ltr">&lt;<a href="mailto:pwilliams@rapattoni.com" target="_blank">pwilliams@rapattoni.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">I think this is the most important lesson (especially if UCI is
the actual vision, in contrast to openid being a submarine reinvention of TTP
IDPs, a la Shib). </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">I've felt for a long time that there have to be two services:
one aimed purely at the user (and not provided by OPs), and then one
provided by the OP. I kept experimenting with this distinction over and
over – but I always felt like the wacky weirdo – especially once the
directed identity service from the OPs came along.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">After all, "Real" users just subscribe to Yahoo, Google,
Myopenid OPs. But those who fall prey to the indoctrination of those portal mindshare
wars, are not really getting "openid". They are just being drawn
into the typical hub-spoke networking model. It's EDI all over again. You're
free to send your business document anywhere, as long as they are a member
of the same hub.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">We just have to remember that, for business-class users, it's
just not enough to have an OP account(s) with your favorite portal(s)
(google, live, pip), which provision you their various openids. You must have an
additional service, which is probably separate from that which any OP offers.
In that addition, you own and control the XRDS/HTML file – through which
you can express full control and get what the UCI in openid promises/promised.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Ok. Let's test the reality.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Is there a semi-commercial site out there, aimed at 50+ year old
users, that does little else other than allow such folks with pretty average IT
skills to maintain their (non-OP) identity page, featuring op selection (i.e. reinforces
the multiple-nyms concept) and delegation (allows control over https authentication
endpoints, and facilitates login portability)?</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">I know I can sell the portability benefit of openid (as they all
remember the analogous (pre-Neustar) days …when phone companies would not
let you move your phone number between national carriers). </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Then, is there any "major" OP (google, live, yahoo,
myspace?) that offers _<i>both</i>_ services?</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">It doesn't count as an "offer" if I, Jeanette
the Realtor, have to literally edit an XRDS or HTML file or even conceive
of tags, meta-anything, denotational semantics or anthropomorphic identifiers
with a polymorphic bent (or any other wonderfully inventive logic that we
computer scientists love to talk about).</span></p></div></div></blockquote></div><br>
<br></blockquote></div><br>