<br><br><div class="gmail_quote">On 19 August 2012 17:50, Peter Williams <span dir="ltr"><<a href="mailto:home_pw@msn.com" target="_blank">home_pw@msn.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
On <a href="http://chris-intel-corner.blogspot.com/2011/10/typex-investigation-wwii-mystery.html#comment-form" target="_blank">http://chris-intel-corner.blogspot.com/2011/10/typex-investigation-wwii-mystery.html#comment-form</a> I happenedd to post off an openid-powered comment - on a topic of my interest - linking back to the war of crypto groups and related groups involved in deception and counter-deception.<br>
<br>
Wordpress nicely signaled SSO packets to blogger, and indeed blogger insisted I passed a local captcha challenge. 2 blogging platforms (painfully) did SSO, with no prior arrangement for my account. This was the first time I encountered this all actually working, armed and relevant (vs "managed cases" Ive encountered encountered when playing software engineer, on testing things).<br>
<br>
So did the "blogging platform" vision of openid work? Did the blog world (and openid) change SSO... and the nature of the global id debate?<br>
<br>
On the basis of the evidence I found from deployed practice in blogging world: no. It was far too painful, limited, and with too many caveats. If I compare it with my websso signon to <a href="http://live.com" target="_blank">live.com</a> (and <a href="http://msn.com" target="_blank">msn.com</a>, and <a href="http://bing.com" target="_blank">bing.com</a>) which powers my voice calls, video sharing, email, and IM (and even something called facebook integration) the openid experience "from blogging" was a poor cousin.<br>
<br>
At the same time, when I opened the brand new release of Microsoft 2012 developer software this week, what do we find being given to a few million vb programmers but the standard web application builder wizard producing code for a stub web-app that has SSO built ino its login button handlers (with openid - that which, on cue, certain UK academics declared a dead duck - recall). Trivially , it was talking to google's openid IDP, twitter's oauth IDP, and via ws-fedp to my directory IDP, my own web app IDP, and even the Microsoft cloud IDP relay (with its home realm UI selector, for jquery-friendly IDP selector popups). Apparently, if you have money and sheer willpower, it can be made to talk to the Shibboleth-centric world of SAML2, too.<br>
<br>
So ... wow! SSO in blogging may not have made it... but the protocol made it! Clearly.<br>
<br>
Now what there was NOT ... in any of that success was "openid connect".<br>
<br>
I guess that openid connect will be better received ONCE the community counts amongst its success all its previous incarnations ... such as those described above. It has to be proud of all its history, not just the latest deliverable.<br>
<br>
What seems to have finally "re-sounded" is the openess - and the ability for folks to now go pursue lots of integration styles. And, not, just one.<br>
<br>
I think I may award openid Peter's "self-signed cert" medal - that honour bestowed on movements who liberate a technology from tech-religion, proprietary controls, patents, spooky committee-land, and all manner of IP constrictures around commodity-crypto applications.<br>
<br>
Just like there are a million or so private CA with self-sgned certs on LANs that noone accounts for, and who knows who many home routers with a self-signed SSL server cert, lets now go estimate how many twitter-based or microsoft-based or google-based oauth-apps come into being in private LANs (that noone accounts for, being non-public domains-names). This is the real test .. adoption by open and ungoverned crypto technology adopting group (for some commodity convenience).<br>
<br>
Of course, given a liberated platform, folks in certain sub-communities get to impose medium and high assurnace regulation on top - which is just fine too (given some identified need for better assurance).<br></blockquote>
<div><br>I think what worked best with OpenID is the message that we need an Open Identity system for the Web, rather than something proprietary/bespoke/centralized. <br><br>Perhaps it could be argued by some, that due to politics, the vision was never quite fully realized.<br>
<br>But I think it has been a good try. Certainly the conversation has moved forward in that time.<br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
</blockquote></div><br>