<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
(2010/06/08 21:32), Andy Powell wrote:
<blockquote
cite="mid:051279DC42F84849A64DA04141E1F9555815C7742C@edu-vmw-eml-l01.edu2000.com"
type="cite">
<meta http-equiv="Content-Type"
content="text/html; charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">I
suspect we need at least two variants, one for a general audience and
one more
technically correct ;-).<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">I
find your proposed wording for OAuth (“<i>OAuth is a protocol that
allows
one to delegate the access authorization to a resource to a third party</i>”)
somewhat
problematic since it’s not overly clear what is being delegated
to who? Tbh, I prefer the current wording at <a moz-do-not-send="true"
href="http://oauth.net/">http://oauth.net/</a>
(“<i>An open protocol to allow secure API authorization in a simple and
standard method from desktop and web applications</i>”) – I think
there is a subtle distinction between ‘allowing authorization’ and
‘doing
authorization’ which makes this wording OK.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">On
that basis, how about something like the following:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">General
audience<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">OpenID
allows you to use an existing website account to sign in to multiple
other
websites, without needing to create any new passwords.</span></p>
</div>
</blockquote>
To me, this emphasizes the "login" too much. OpenID is not about login.
<br>
<br>
>From my experience, "General Audience" is too broad. When I am forced
to speak about it, <br>
I change my explanation. <br>
<br>
For example, to explain it to a mom with a kid who plays Nintendo's
Wii, <br>
I go like: <br>
<br>
Me: "Do you know Wii?" <br>
Mom: "Yes!"<br>
Me: "Then you must know Mii."<br>
Mom: "Of course!"<br>
Me: "You created Mii because you just cannot get into the machine. So,
Mii
looks like you, has your nickname, and so on. If you are playing Wii
fit, it records your wait and other activity logs, and you go to games
using your Mii. At the game, the Mii tells the game keeper required
information on behalf of you. In fact, Mii is yourself in Wii. That's
called Digital Identity. Do you get it?"<br>
Mom: "Sure."<br>
Me: "To use your Mii, you have to establish your right to control that
Mii. Usually, you do this with PIN on the remote. <br>
That is called Authentication."<br>
Mom: "OK. That's easy."<br>
Me: "Unfortunately, Mii can only live in Nintendo Wii. It just cannot
live in any other places. <br>
To make it possible for Mii to go to various places in the internet,
those places must understand Mii. <br>
To make it up, we have to 'open up' Mii so that everybody can
understand what that Mii is saying or doing. <br>
That's OpenMii. OpenID is one such thing, a standardized Digital
Identity for the Internet."<br>
<br>
It seems to work remarkably well on those moms and kids. <br>
At the same time, it does not work for somebody who never saw a Mii. <br>
<br>
<br>
<blockquote
cite="mid:051279DC42F84849A64DA04141E1F9555815C7742C@edu-vmw-eml-l01.edu2000.com"
type="cite">
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">OAuth
allows you to access a website using a desktop or web-based
application,
without needing to type the username and password for that website into
the
application.</span></p>
</div>
</blockquote>
What about "without telling the username and password to that
application"<br>
<blockquote
cite="mid:051279DC42F84849A64DA04141E1F9555815C7742C@edu-vmw-eml-l01.edu2000.com"
type="cite">
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">Technical
audience<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">OpenID
is an open standard digital identity framework that allows attributes
about an
authenticated user to be passed from one website (the OpenID provider)
to
another (the relying party), usually for the purposes of authorizing
access.</span></p>
</div>
</blockquote>
We need to include the "user control/authorization of the attribute
release". It is one of the most important concept around OpenID.
"usually for the purposes of authorizing access" is a bit confusing. We
need to specify who is authorizing what access, if we were to write it.
<br>
<br>
What about something like: <br>
<br>
OpenID is an open standard Digital Identity Framework that passes the
authorization decision and attributes/data of an authenticated user
from one website (the OpenID provider) to another (the relying party). <span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"></span>
<blockquote
cite="mid:051279DC42F84849A64DA04141E1F9555815C7742C@edu-vmw-eml-l01.edu2000.com"
type="cite">
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">OAuth
is an open standard protocol that allows simple and secure API
authorization
from desktop and web-based applications.</span></p>
</div>
</blockquote>
Main concept of the OAuth, the access authorization __delegation__ is
gone from this definition. <br>
<br>
What about this: <br>
<br>
"OAuth is an open standard protocol that allows the access
authorization to an API to be given to an application without
disclosing the user's credential. "<br>
<blockquote
cite="mid:051279DC42F84849A64DA04141E1F9555815C7742C@edu-vmw-eml-l01.edu2000.com"
type="cite">
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">??<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">Andy<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">--<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Arial","sans-serif"; color: rgb(112, 48, 160);">Andy
Powell<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">Research
Programme Director<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Arial","sans-serif"; color: rgb(112, 48, 160);">Eduserv</span><span
style="font-size: 11pt; font-family: "Arial","sans-serif";"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif"; color: rgb(112, 48, 160);">t:</span><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">
01225 474319<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif"; color: rgb(112, 48, 160);">m:</span><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">
07989 476710<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif"; color: rgb(112, 48, 160);">twitter:</span><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">
@andypowe11<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif"; color: rgb(112, 48, 160);">blog:</span><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";">
efoundations.typepad.com<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><a
moz-do-not-send="true" href="http://www.eduserv.org.uk">www.eduserv.org.uk</a>
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10.5pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:openid-general-bounces@lists.openid.net">openid-general-bounces@lists.openid.net</a>
[<a class="moz-txt-link-freetext" href="mailto:openid-general-bounces@lists.openid.net">mailto:openid-general-bounces@lists.openid.net</a>] <b>On Behalf Of </b>Nat
Sakimura<br>
<b>Sent:</b> 08 June 2010 11:35<br>
<b>To:</b> David Recordon<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-general@lists.openid.net">openid-general@lists.openid.net</a><br>
<b>Subject:</b> Re: [OpenID] Definition of OpenID<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Would love to have a more readable rewrite. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">We should make an authoritative punch line that
we can use
it at many places, <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">including wikipedia. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">=nat<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Tue, Jun 8, 2010 at 4:40 PM, David Recordon
<<a moz-do-not-send="true" href="mailto:recordond@gmail.com">recordond@gmail.com</a>>
wrote:<o:p></o:p></p>
<p class="MsoNormal">We wrote <a moz-do-not-send="true"
href="http://openid.net/get-an-openid/what-is-openid/" target="_blank">http://openid.net/get-an-openid/what-is-openid/</a>
a year or two<br>
ago. It's far more of a product definition than a technical one, but<br>
supports what you wrote. Ever since we made OpenID 2.0 extensible and<br>
a combination of other technologies a few years ago it's been a<br>
framework.<br>
<br>
As you point out, OpenID has never done user authentication itself.<br>
Rather that's handled by cookies, passwords, tokens, certs, etc.<br>
OpenID does however perform authentication from the provider to the<br>
relying party once the user has authenticated and granted<br>
authorization.<br>
<br>
So yes, I agree with your definitions but would rewrite them and<br>
clarify the intended audience. (Unfortunately 1am isn't a good time<br>
for me to propose better wording.)<br>
<br>
--David<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><br>
<br>
On Tue, Jun 8, 2010 at 12:31 AM, Nat Sakimura <<a
moz-do-not-send="true" href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>>
wrote:<br>
> Many people say that OpenID is for Authentication and OAuth is for<br>
> Authorization.<br>
> This does not seem to be an accurate statement.<br>
> In fact, OpenID does not do the "authentication" in the narrow
meaning and<br>
> OAuth does not do the "authorization" in the narrow meaning.<br>
> More accurate characterization would be something like:<br>
> OpenID is a Digital Identity Framework that that conveys the
authorization<br>
> decision and identity attributes/data of an authenticated identity
from
the<br>
> identity provider (OpenID provider, OP) to a requesting party
called
relying<br>
> party (RP).<br>
> OAuth is a protocol that allows one to delegate the access
authorization
to<br>
> a resource to a third party. (<= need better wording.)<br>
> Any discussion?<br>
><br>
> --<br>
> Nat Sakimura (=nat)<br>
> <a moz-do-not-send="true" href="http://www.sakimura.org/en/"
target="_blank">http://www.sakimura.org/en/</a><br>
> <a moz-do-not-send="true" href="http://twitter.com/_nat_en"
target="_blank">http://twitter.com/_nat_en</a><br>
><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">>
_______________________________________________<br>
> general mailing list<br>
> <a moz-do-not-send="true" href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
> <a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-general"
target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
><br>
><o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<br>
-- <br>
Nat Sakimura (=nat)<br>
<a moz-do-not-send="true" href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br>
<a moz-do-not-send="true" href="http://twitter.com/_nat_en">http://twitter.com/_nat_en</a><o:p></o:p></p>
</div>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
general mailing list
<a class="moz-txt-link-abbreviated" href="mailto:general@lists.openid.net">general@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-general">http://lists.openid.net/mailman/listinfo/openid-general</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Nat Sakimura (<a class="moz-txt-link-abbreviated" href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a>)
Nomura Research Institute, Ltd.
Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
PLEASE READ:
The information contained in this e-mail is confidential and intended for the named recipient(s) only.
If you are not an intended recipient of this e-mail, you are hereby notified that any review, dissemination, distribution or duplication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete your copy from your system.
</pre>
</body>
</html>