[Openid-specs-ab] More thoughts on the Federation Spec Vote...

Mike Schwartz mike at gluu.org
Mon Jul 23 21:13:43 UTC 2018 

> The concerns I'm hearing, Mike Schwartz, sound more like you're worried 
> that the spec isn't done
> and not ready to be final than that you're worried that people will 
> learn from implementing early
> drafts.  You're right that this spec isn't done.  Heck the spec itself 
> makes that clear in the Open
> Issues section at 
> https://openid.net/specs/openid-connect-federation-1_0-04.html#rfc.appendix.C!

My thinking evolved on this over the past few days... I figured out more 
clearly why this is bugging me.

What other designs for federation will be considered? Current 
federations use metadata aggregates. You may think you have a better 
design, but what if a federation would prefer to publish a metadata 
aggregate? Is that not also a "federation"? How about a federation proxy 
service? It seems to me like these basic design questions are not up for 
debate. Once we go to Implementers draft, we can raise issues on the use 
of Metadata Statements, but it will be called "OpenID Federation"--as if 
there are no other possible federation solutions--without this major 
design decision being voted on.

That's why I said I'd be ok with a more specific title for the spec. It 
would say: here's a specific way you could form trust among a group of 
organizations, without saying "here is the way we do federations in 
OpenID". That would leave the door open for more federation solutions 
(like logout after session management proved buggy).

I seriously doubt a major design change (like moving to an aggregate or 
proxy) will be considered after this draft goes to the next stage. So 
the only option we have is to vote "OBJECT" on the IP.

As Phil points out, it may be time for the OIDF to consider more 
seriously how consensus is achieved within WG's to avoid issues like 
this in the future, especially among members of the OIDF, and active 
community participants. People think the OIDF is a consensus based 
standards organization. Is it? Or we just have consensus on the IP?

- Mike


------------------------
Michael Schwartz
Gluu
Founder / CEO
mike at gluu.org
https://www.linkedin.com/in/nynymike/

More information about the Openid-specs-ab mailing list