<html><head></head><body><div style='font-family:Calibri,"Segoe UI",Meiryo,"Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Khmer UI","Nirmala UI",Tunga,"Lao UI",Ebrima,sans-serif;font-size:16px;'><div>Thank you but no. General comment is my limit, given the wider implications of membership, etc. General comment is what this list is for.</div><div> </div><div>But, to be fair to Google, I did conclude my original idea (simply making WordPress talk to an IDP, leveraging the Account Chooser intermediation, with auto-account creation). I wrote up my own little efforts at a trial at <a href="http://wp.me/p1fcz8-30a">http://wp.me/p1fcz8-30a</a>. It says... the technology works. Then some of the implications of “working” integration are explored, without being academic.</div><div> </div><div data-focusfrompointer="true">If I was more sociable, perhaps I'd have been on some Account Chooser or WordPress plugin list that could have given direction, earlier. At the same time, by operating blind, it's been useful to view the integration very skeptically. Questioning the policy implications of the intermediation service came about from the nature of the technology integration itself, being obvious. I’m left with a stronger question to now ask: would I want it (now it works)?</div><div> </div><div data-focusfrompointer="true">It's been a little unfair to target Google and so publicly be critical - since their enforcement technology is so clearly well done (and it's all probably still formally a beta rollout). Clearly, national-scale mandatory security policy enforcement via websso has taken a strong leap forward. The questions now are: are the TTPs policy rules right? Where is involvement of a TTP-class IDP or IDP trust broker even appropriate?</div><div> </div><div>Do any other vendors have public trials? I'd like to figure if the policy enforcement is essential to the OpenID Connect concept, or it's just a Google value add (for its business model). 
If I think back to our first efforts with SAML, the VERY first thing we did was abandon the Shibboleth community’s policy control concept...the abandonment of which turned out crucial for the adoption of websso in a more decentralized (and economically vital) community with a strong aversion to centralized policy management ... of ANY kind. The same kinds of questions are increasingly pertinent for OpenID Connect, evidently.</div><div> </div><div data-signatureblock="true">Sent from Windows Mail</div><div> </div> <div style="border-top-color: rgb(229, 229, 229); border-top-width: 2px; border-top-style: solid;"> <strong>From:</strong> Nat Sakimura<br> <strong>Sent:</strong> October 17, 2012 6:44 PM<br> <strong>To:</strong> Peter Williams<br> <strong>CC:</strong> openid-general@lists.openid.net<br> <strong>Subject:</strong> Re: [OpenID] One developer's first encounter with account chooser (openid connect?)<br> </div> <div> </div>Perhaps you can join Account Chooser WG and give your formal feedback so that the WG can incorporate them? <div><br></div><div>Nat<br><br><div class="gmail_quote">On Thu, Oct 18, 2012 at 4:03 AM, Peter Williams <span dir="ltr">&lt;<a href="mailto:home_pw@msn.com" target="_blank">home_pw@msn.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;"><div><div style='font-family: Calibri,"Segoe UI",Meiryo,"Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Khmer UI","Nirmala UI",Tunga,"Lao UI",Ebrima,sans-serif; font-size: 16px;'>
<div><div dir="ltr">In a word: frustrating. <a href="http://wp.me/p1fcz8-2YW" target="_blank">http://wp.me/p1fcz8-2YW</a>. It was frustrating on multiple levels.<br> <br>Obviously the code is fixable, but one worries about the very "idea" - there seems a desperation in the desire to remove local IDPs - including those granting access to privileged administrator configuring (broken) federated logon!<br>
<br>To be fair, the default Microsoft <a href="http://ASP.NET" target="_blank">ASP.NET</a> web app project built by the released version of Visual Studio 20102 doesn't work, either - when taking up the federated (OAUTH/openid) login option and its display of a set of IDPs, configured locally. It doesn't even compile, link and load! Thus, I have not even got so far as to work with its attempt to showcase OpenID Connect, or see if things interwork yet with Google's implementation, etc.<br>
</div></div><div>Sent from Windows Mail</div><div> </div></div></div><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div><br>
</div>
</div></body></html>