PROPOSAL: OpenID Form Clarification (A.4)

Josh Hoyt josh at janrain.com
Thu Oct 19 21:56:44 UTC 2006


On 10/19/06, Jonathan Daugherty <cygnus at janrain.com> wrote:
> I think it's there for convenience because no practices document
> existed when that was inserted.  I think Josh was considering removing
> it anyway, though.

I'm in favor of keeping the OpenID Authentication Protocol
specification as small as possible, with as few restrictions as
possible to get useful behavior. I think this kind of thing could go
in another, companion specification, so that if people want to
experiment, they can, without having to re-invent the parts that work.

This is similar to my response to Dick in which I said that ideally
identifier discovery and verification would be in another
specification. The more we can reduce the scope, the more likely it is
that we can develop a tight, usable specification that does not hold
anyone back and is easy to implement.

There are a couple of different insights that are common to OpenID,
SXIP, LID, and the myriad other URL-based single-sign-on solutions
that are out there. I want to codify the things that we all agree on
and allow innovation around the things that we do not.

I do not feel strongly about this particular issue, but I do feel
strongly that if possible, we should REDUCE the scope as much as
possible. If there is a way to accomplish your goal without changing
OpenID, then DON'T CHANGE OPENID. It's easy to put stuff in the next
revision, but it's hard to take stuff out.

OpenID has been successful because its scope was intentionally
extremely narrow. Lets keep it that way.

Josh



More information about the specs mailing list