<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.apple-tab-span
{mso-style-name:apple-tab-span;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple style='word-wrap: break-word;
-webkit-nbsp-mode: space;-webkit-line-break: after-white-space'>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>It’s a bridge too far, John. Take the big win, and move on
to bigger concepts later. Don’t oversell it, at this point.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>“WebSSO with auto-pop of signup forms. “<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>That’s what folks want - and see in openid. Nothing else
is required - to join SSL on the web security pantheon.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Just deliver the original openid1 concept, with that luxurious openid2
technology. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
openid-general-bounces@lists.openid.net
[mailto:openid-general-bounces@lists.openid.net] <b>On Behalf Of </b>John
Bradley<br>
<b>Sent:</b> Saturday, August 29, 2009 5:46 AM<br>
<b>To:</b> openid-general@lists.openid.net<br>
<b>Subject:</b> [OpenID] Windows Live ID OpenID CTP Status Update (August 2009)<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>The term "Directed Identity" is slightly
vague.<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>The openID 2.0 spec added support for "Identifier
Select".<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>It allows:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>a) The User to identify who they are at there OP rather than
the RP.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>b) The User to select alternate persona at the OP to use at
different RP.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>I think most people agree that login buttons have caught
on. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Though ironically if the number of OP increase we have just
reinvented the SAML "Where Am I From" problem, that openID
identifiers were intended to solve in the first place.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>The second use hasn't seen a sufficiently good UI developed
that users can take advantage of it.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>We are also lacking a good UI for users to control there
attributes.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>This is also causing OP to streamline there interfaces to
remove the ability to deselect returning attributes the RP has asked for.
<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>The trend is towards the Google approach of using a
"Pairwise" openID identifier and giving the user a yes/no choice for
logging in with the attributes the RP has requested as required.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>It isn't especially surprising that as a community we
designed more features and flexibility than the public at large is initially
interested in.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Personally with Pairwise identifiers becoming more common,
I find the attribute disclosure issue more concerning, and one that may
cause a privacy backlash at some point.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>A better UI is needed however.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>John B.<o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class=MsoNormal>On 29-Aug-09, at 5:38 AM, <a
href="mailto:openid-general-request@lists.openid.net">openid-general-request@lists.openid.net</a>
wrote:<o:p></o:p></p>
</div>
<p class=MsoNormal><br>
<br>
<o:p></o:p></p>
<p class=MsoNormal><span class=apple-style-span><span style='font-size:13.5pt;
font-family:"Courier New";color:black'>Date: Fri, 28 Aug 2009 15:44:13 -0700</span></span><span
style='font-size:13.5pt;font-family:"Courier New";color:black'><br>
<span class=apple-style-span>From: Allen Tom <<a
href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span><br>
<span class=apple-style-span>Subject: Re: [OpenID] Windows Live ID OpenID CTP
Status Update (August</span><br>
<span class=apple-tab-span> </span><span
class=apple-style-span>2009)</span><br>
<span class=apple-style-span>To: Jorgen Thelin <<a
href="mailto:jthelin@microsoft.com">jthelin@microsoft.com</a>>,</span><br>
<span class=apple-tab-span> </span><span
class=apple-style-span>"<a href="mailto:openid-general@lists.openid.net">openid-general@lists.openid.net</a>"
<<a href="mailto:openid-general@lists.openid.net">openid-general@lists.openid.net</a>></span><br>
<span class=apple-style-span>Message-ID: <<a
href="mailto:4A985DBD.9090803@yahoo-inc.com">4A985DBD.9090803@yahoo-inc.com</a>></span><br>
<span class=apple-style-span>Content-Type: text/plain; charset=ISO-8859-1;
format=flowed</span><br>
<br>
<span class=apple-style-span>Jorgen Thelin wrote:</span><br>
<br>
</span><span class=apple-style-span><span style='font-size:13.5pt;font-family:
"Courier New";color:black'><o:p></o:p></span></span></p>
<p class=MsoNormal><span style='font-size:13.5pt;font-family:"Courier New";
color:black'>Hypothesis: <heresy> Directed identity choices don't work
for *mainstream* users </heresy></span><o:p></o:p></p>
<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'>
<p class=MsoNormal><span style='font-size:13.5pt;font-family:"Courier New";
color:black'><o:p> </o:p></span></p>
</blockquote>
<p class=MsoNormal><span class=apple-style-span><span style='font-size:13.5pt;
font-family:"Courier New";color:black'>This is not heresy, this is the truth.
I'd go even further and claim</span></span><span class=apple-converted-space><span
style='font-size:13.5pt;font-family:"Courier New";color:black'> </span></span><span
style='font-size:13.5pt;font-family:"Courier New";color:black'><br>
<span class=apple-style-span>that directed identity doesn't work for most
technically sophisticated</span><span class=apple-converted-space> </span><br>
<span class=apple-style-span>users. Obviously, the folks on this list are an
exception.</span><br>
<br>
<span class=apple-style-span>The value proposition for OpenID is that users can
sign into an RP with</span><span class=apple-converted-space> </span><br>
<span class=apple-style-span>an account that they already have. People who have
multiple online</span><span class=apple-converted-space> </span><br>
<span class=apple-style-span>identities or personas already know how to have
multiple accounts for</span><span class=apple-converted-space> </span><br>
<span class=apple-style-span>each persona, and already switch between accounts
when they want to</span><span class=apple-converted-space> </span><br>
<span class=apple-style-span>project a different identity.</span><br>
<br>
<span class=apple-style-span>Allen</span><br>
<br>
</span><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
</html>