<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>A debate on a WG formation (note the subject) should be philosophical
(and a touch political). One is really analyzing the intended output, and the
stated motives and background of the proponents. Since the work has not
been done, there is nothing else to comment on &#8211; other than the charter.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Try not to assume malice; it's almost always incompetence
for my part. I have two callings: get google to do websso for "consumers"
and send us assertions I can consume (without becoming bound to legal/policy
rules that my customers will reject), and let 1,000,000 realtors be their own
OP and their own RP. I need both peer-peer and openid.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>As it stands today, we are doing SAML for the realtors (more
peer peer, with very personal brands/trust), and hoping to do openid for the
consumers (more about mega-portal with massive commercial brands and reach)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Breno de Medeiros
[mailto:breno@google.com] <br>
<b>Sent:</b> Friday, March 20, 2009 7:14 PM<br>
<b>To:</b> Peter Williams<br>
<b>Cc:</b> general@openid.net<br>
<b>Subject:</b> Re: [OpenID] Fwd: [OpenID Foundation] New Poll Opened<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>It is interesting how a
discussion on a relatively simple extension proposal which was motivated by:<br>
<br>
1. Users saying in usability study after usability study that they are more
comfortable with the Facebook-Connect style login flow than the full browser
redirect model.<br>
<br>
2. Potential RPs demanding popup UI flows in order to adopt the scheme as they
do not want their users to lose the context of their site.<br>
<br>
3. IDPs listening to the same demand again and again and deciding to propose an
_optional_ feature that RPs can choose to interact with their users<br>
<br>
Became a philosophical discussion on issues from user-centric philosophy to
anti-phishing to trust models on certificates.<br>
<br>
Reality: The proposed WG suggests that RPs who want to can add a couple of
parameters to their URL requests to indicate to OPs (that advertise the
feature) that they embraced a fancy-dancy popup UI that makes their users
happier. They could already do this by hardcoding window sizes for the OPs that
they care about. IDPs could just document their favorite window sizes as
non-standard "enhancements" and force RPs (at least those who care
for their users) to embrace per-OP customization of window sizes as a fait
accompli.<br>
<br>
Perception: Run for the hills: OpenID is being corrupted! It will become a
phishing haven! It has sold its soul!<br>
<br>
Or, as every San Franciscan knows it: The city was best when I moved in, and
has gone downhill ever since. :)<br>
<br>
<o:p></o:p></p>
<div>
<p class=MsoNormal>On Fri, Mar 20, 2009 at 6:44 PM, Peter Williams &lt;<a
href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>&gt; wrote:<o:p></o:p></p>
<p class=MsoNormal>Openid clearly started with the OP being someone's blogsite
- expecting there to be millions of OPs (i.e. you and me) and equal number of
RPs. Clearly, vanity delegation was nothing more than adding a few meta tags to
your blog's html home page, giving one the ability to use various of your blog
site URLs facilitating portability. Even I managed to test all that (in its
essentially original openid1.1 form), and I'm technically incompetent. And
RP was an authenticated comment handler ...on someone's blog site. If the
blog provider was hosted (by blogspot), fine. Or, a wordpress installation of a
blog server on your enterprise gateway was just as legitimate to hosted blogs
in livejournal, say. Host a server yourself or be a tenant of a blogservice -
it made no difference to your status as an OP.<br>
<br>
Now, we never hear of that world any longer. The founders seem to change
orientation, right about the time I started focusing on openid. And to be fair,
it was and still is the mega-OP with openid2 capabilities that drives our
commercial interest (seeing as they can now handle the ~6 million accounts of
users who occasionally come to our site, now to authenticate using websso - or
"identity verification"). At the same time, for realtors themselves
(vs the public who search realtor listings), the peer-peer model is also
important; and there are a million of these (each with their own web2.0 portal,
offering a variety of "professional" services to their homeowner
clients).<br>
<br>
Since Openid2, all I ever hear is about yahoo, paypal, google, facebook,
myspace and live - who will each govern (n00 million) users. The users (and
nominal owners of a blog site) are no longer the OP: s/he is merely a
"subscriber" to an OP service - which will "speak for" the
"site owner" under their brand rather than the individual's
"brand". The rules and interaction with an RP will be the OP's
decision (no longer the subscriber). If the subscriber wants to do this or that
trust model with the RPs, it is now irrelevant. You want to use Yahoo, it WILL
be ssl and their UI design rules (whether the original OP/site wants it, or
not).<br>
<br>
Am I wrong that the founders (who obviously knowingly migrated to the world of
openid2, and directed id in particular) changed focus? Did you move the notion
of OPs from being those x00,000 owners of blog sites (who can set their
own policy) to the (small number of) large portal firms that now host n00,000
"tenants" each - all acting under a single brand and security policy?<o:p></o:p></p>
<div>
<p class=MsoNormal><br>
<br>
> -----Original Message-----<br>
> From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>
[mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>]
On<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>> Behalf Of Martin Atkins<br>
> Sent: Friday, March 20, 2009 4:27 PM<br>
> To: <a href="mailto:general@openid.net">general@openid.net</a><br>
> Subject: Re: [OpenID] Fwd: [OpenID Foundation] New Poll Opened<br>
><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>> Peter Williams wrote:<br>
> ><br>
> > OpenID on the<o:p></o:p></p>
</div>
<p class=MsoNormal>> > other hand started peer/peer, and is rapidly
heading into the TTP<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal>> space<br>
> > (where I suspect its founders wanted it all along).<br>
> ><br>
><br>
> Your suspicions are incorrect.<br>
><br>
> Its "founders" (which I choose to understand as those who
started the<br>
> project, which started with Brad Fitzpatrick and fanned out to a number<br>
> of others including myself) imagined it originally as a solution to the<br>
> problem of allowing users of LiveJournal.com to leave comments on<br>
> DeadJournal.com and vice-versa; that it ended up being a user-centric,<br>
> decentralized system is largely a symptom of the culture of the<br>
> LiveJournal developers.<br>
><br>
> The original OpenID was designed to operate without SSL at all, with<br>
> parties establishing associations on the fly with no verification, and<br>
> it remains that way today on LiveJournal.com. Some folks wanted the<br>
> benefits that SSL brings, and that's fine... no-one's forcing you to<br>
> use<br>
> SSL right now. I fought SSL being a requirement for OpenID 2.0 and I<br>
> will continue to fight it as I believe it should be up to each party to<br>
> decide whether it needs the benefits SSL provides.<br>
><br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<o:p></o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><br>
<br clear=all>
<br>
-- <br>
--Breno<br>
<br>
+1 (650) 214-1007 desk<br>
+1 (408) 212-0135 (Grand Central)<br>
MTV-41-3 : 383-A<br>
PST (GMT-8) / PDT(GMT-7)<o:p></o:p></p>
</div>
</div>
</body>
</html>