Well, with Portable Contacts (the address schema) and Attribute Exchange made available over an OpenID... wait for it... connection, I think there's a lot of promise for OpenID in payment scenarios.<div><br></div><div>
For one thing, there's the social aspect, which for some people, could be very compelling.</div><div><br></div><div>I wrote something up about this a while back, might be worth a read:</div><div><br></div><div><a href="http://factoryjoe.com/blog/2009/04/30/comixology-and-the-future-of-connected-commerce/">http://factoryjoe.com/blog/2009/04/30/comixology-and-the-future-of-connected-commerce/</a></div>
<div><br></div><div>I think OpenID for commerce is a little off-topic for this thread, but the points you raise continue to illustrate the need to productize these technologies beyond their techie roots — so that the benefits we see as implicit are made explicit for larger audiences!</div>
<div><br></div><div>Chris<br><br><div class="gmail_quote">On Tue, Jan 5, 2010 at 11:57 AM, Miles Carroll <span dir="ltr"><<a href="mailto:miles@chocolateconsulting.co.uk">miles@chocolateconsulting.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div bgcolor="#FFFFFF"><div>Hi</div><div><br></div><div>As a commercial person, I have been looking at OpenID for 18 months, trying to figure out a way to extract commercial value from this great tech. So I agree the product side needs work.</div>
<div><br></div><div>I am trying to figure out how to use OpenID in cardholder not present card (CNP) transactions. Only about 25% of card transactions are 3D secure and the rest rely on the Address Verification Service (AVS) the challenge being that 90% of the address data is free typed into the shopping carts, so the formatting fails AVS. If we could normalise the address format and get some data quality over the Open ID we could use the data to power safer payments. My business processes around 200M card transactions a year.</div>
<div><br></div><div>Any ideas from a tech and product perspective how to join it up?</div><div><br></div><div>Regards <br><br>Miles Carroll<div>Managing Director</div><div>Universal Payment Gateway plc</div><div><br></div>
<div>+44 (0)1827 265005. Switchboard</div><div>+44 (0)1827 265006. Fax</div><div><a href="http://www.upg.co.uk" target="_blank">www.upg.co.uk</a></div><div><br></div><div>Sent by iPhone</div><div><br></div></div><div><div>
</div><div class="h5"><div><br>On 5 Jan 2010, at 07:35, David Recordon <<a href="mailto:recordond@gmail.com" target="_blank">recordond@gmail.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>+1, we need to make this a reality this year.<br>
<br><div class="gmail_quote">On Mon, Jan 4, 2010 at 10:13 PM, Chris Messina <span dir="ltr"><<a href="mailto:chris.messina@gmail.com" target="_blank"></a><a href="mailto:chris.messina@gmail.com" target="_blank">chris.messina@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Indeed, and thanks for both of your comments. <div><br></div><div>I think David needs to flesh out how exactly he might rewrite OpenID on top of OAuth WRAP, or OAuth 2.0, or OpenID v.Next... whatever we call it, I think that the next generation of a "product" that our community produces needs to have some level of parity with other *connect-style APIs, which David previously outlined [1] as including:</div>
<div><br></div><div>* profile</div><div>* relationships</div><div>* content</div><div>* activities</div><div><br></div><div>If the OpenID community fails to provide a meaningful and clear way to exchange these kinds of data — in a way that is as simple and compelling to implement as Facebook or Twitter Connect, I think we're going to have a very hard time getting our collective mojo back. That said, I have high confidence that we will meet that need.</div>
<div><br></div><div>I also want to point out that I purposefully sent this message to the marketing list, since OpenID Connect is something dreamed up as a productization of the "open stack" — which is really more like "Hailstorm" — an internal token for us to refer to a quasi-official collection of technologies known to [hand wavingly] work well together.</div>
<div><br></div><div>While the bits have to add up here, that's not entirely what I'm aiming OIC at (see what I did there?). Instead, OpenID Connect is the name for a marketing vehicle that will enable us to take the existing OpenID brand and extend it to cover things that site creators and developers care about — going beyond just identity, and into the good stuff that make people want to build apps.</div>
<div><br></div><div>I also think that, from a community maturation process perspective, OpenID and OAuth have come to a point where they need to become more closely aligned — and Dave's retelling of "identity as just another attribute" helps me finally get it.</div>
<div><br></div><div>Over time, we will evolve what OpenID and what OpenID Connect mean, and find a place for OAuth and OAuth WRAP within the scheme of things. For now, and for us, in 2010, the wider marketplace needs a product that it can wrap its head around, and I think OpenID Connect makes as good as sense as anything else I've heard. ;)</div>
<div><br></div><div>Chris<div><div></div><div><br><br><div class="gmail_quote">On Mon, Jan 4, 2010 at 7:12 PM, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com" target="_blank"></a><a href="mailto:recordond@gmail.com" target="_blank">recordond@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hey Dick,<div>I could see a path where OpenID bolts discovery onto the front of OAuth WRAP and then OpenID itself becomes a common set of parameters exchanged within the user authorization flow of WRAP. A consumer could also get a WRAP access token in addition to identity information (you're the one who told me a few years ago that an identifier is just another attribute and not something special). If it's happening over SSL, a lot of the key exchange stuff goes away. Already today OpenID uses a plain text association when being run over SSL.</div>
<div><br></div><div><font color="#888888">--David</font><div><div></div><div><br><br><div class="gmail_quote">On Mon, Jan 4, 2010 at 7:07 PM, Dick Hardt <span dir="ltr"><<a href="mailto:dick.hardt@gmail.com" target="_blank"></a><a href="mailto:dick.hardt@gmail.com" target="_blank">dick.hardt@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word"><div><div>Good article Chris, I commented on your blog, but bringing the discussion here .. </div><div><br></div><div>I agree that OpenID needs some serious product management. I like the OpenID Connect label -> much better then the Open Stack.</div>
<div><br></div><div>Technically, speaking as an author of OAuth WRAP, making OpenID an OAuth WRAP Profile does not make sense. I do think that an OpenID v Next would be very complementary to OAuth WRAP.</div><div><br></div>
<div>One of the problems OpenID solves that WRAP does not is discovery and key exchange. I would say that is most of the what OpenID does. </div><div><br></div><div>Great to see the discussion pick up, it is going to be a very interesting year!</div>
<div><br></div></div><div><div><div></div><div><div>On 2010-01-04, at 4:05 PM, Chris Messina wrote:</div><br></div></div><blockquote type="cite"><div><div></div><div>Just wrote a post outlining my thoughts outlining a concept I called "OpenID Connect":<div>
<br></div><div><a href="http://factoryjoe.com/blog/2010/01/04/openid-connect/" target="_blank"></a><a href="http://factoryjoe.com/blog/2010/01/04/openid-connect/" target="_blank">http://factoryjoe.com/blog/2010/01/04/openid-connect/</a></div>
<div><br></div><div>Interested in thoughts and feedback, and happy to expand the idea further.</div><div><br></div><div>Chris<br clear="all"><br>-- <br>Chris Messina<br>Open Web Advocate<br><br>Personal: <a href="http://factoryjoe.com/" target="_blank"></a><a href="http://factoryjoe.com" target="_blank">http://factoryjoe.com</a><br>
Follow me on Twitter: <a href="http://twitter.com/chrismessina" target="_blank"></a><a href="http://twitter.com/chrismessina" target="_blank">http://twitter.com/chrismessina</a><br><br>Citizen Agency: <a href="http://citizenagency.com/" target="_blank"></a><a href="http://citizenagency.com" target="_blank">http://citizenagency.com</a><br>
Diso Project: <a href="http://diso-project.org/" target="_blank"></a><a href="http://diso-project.org" target="_blank">http://diso-project.org</a><br>
OpenID Foundation: <a href="http://openid.net/" target="_blank"></a><a href="http://openid.net" target="_blank">http://openid.net</a><br><br>This email is: [X] shareable [ ] ask first [ ] private<br>
</div></div></div>
_______________________________________________<br>marketing mailing list<br><a href="mailto:marketing@lists.openid.net" target="_blank"></a><a href="mailto:marketing@lists.openid.net" target="_blank">marketing@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank">http://lists.openid.net/mailman/listinfo/openid-marketing</a><br>
</blockquote></div><br></div><br>_______________________________________________<br>
marketing mailing list<br>
<a href="mailto:marketing@lists.openid.net" target="_blank"></a><a href="mailto:marketing@lists.openid.net" target="_blank">marketing@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank">http://lists.openid.net/mailman/listinfo/openid-marketing</a><br>
<br></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
marketing mailing list<br>
<a href="mailto:marketing@lists.openid.net" target="_blank"></a><a href="mailto:marketing@lists.openid.net" target="_blank">marketing@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank">http://lists.openid.net/mailman/listinfo/openid-marketing</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Open Web Advocate<br><br>Personal: <a href="http://factoryjoe.com" target="_blank"></a><a href="http://factoryjoe.com" target="_blank">http://factoryjoe.com</a><br>
Follow me on Twitter: <a href="http://twitter.com/chrismessina" target="_blank"></a><a href="http://twitter.com/chrismessina" target="_blank">http://twitter.com/chrismessina</a><br>
<br>Citizen Agency: <a href="http://citizenagency.com" target="_blank"></a><a href="http://citizenagency.com" target="_blank">http://citizenagency.com</a><br>Diso Project: <a href="http://diso-project.org" target="_blank"></a><a href="http://diso-project.org" target="_blank">http://diso-project.org</a><br>
OpenID Foundation: <a href="http://openid.net" target="_blank"></a><a href="http://openid.net" target="_blank">http://openid.net</a><br>
<br></div></div>This email is: [ ] shareable [X] ask first [ ] private<br>
</div>
<br>_______________________________________________<br>
marketing mailing list<br>
<a href="mailto:marketing@lists.openid.net" target="_blank"></a><a href="mailto:marketing@lists.openid.net" target="_blank">marketing@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank">http://lists.openid.net/mailman/listinfo/openid-marketing</a><br>
<br></blockquote></div><br>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>marketing mailing list</span><br><span><a href="mailto:marketing@lists.openid.net" target="_blank">marketing@lists.openid.net</a></span><br>
<span><a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank">http://lists.openid.net/mailman/listinfo/openid-marketing</a></span><br></div></blockquote></div></div></div><br>_______________________________________________<br>
marketing mailing list<br>
<a href="mailto:marketing@lists.openid.net">marketing@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-marketing" target="_blank">http://lists.openid.net/mailman/listinfo/openid-marketing</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Open Web Advocate<br><br>Personal: <a href="http://factoryjoe.com">http://factoryjoe.com</a><br>Follow me on Twitter: <a href="http://twitter.com/chrismessina">http://twitter.com/chrismessina</a><br>
<br>Citizen Agency: <a href="http://citizenagency.com">http://citizenagency.com</a><br>Diso Project: <a href="http://diso-project.org">http://diso-project.org</a><br>OpenID Foundation: <a href="http://openid.net">http://openid.net</a><br>
<br>This email is: [ ] shareable [X] ask first [ ] private<br>
</div>