specs Digest, Vol 36, Issue 1

Brian Kissel bkissel at janrain.com
Thu Aug 13 17:58:21 UTC 2009


John, that's a very good question.

For the OPs on the list, how many of you envision evolving your services to LoA 2 if a clear path could be developed and agreed to?

We should certainly not constrain ourselves to what current OPs intend to support, but we should also be pragmatic about the rate at which we evolve the technology, cognizant of whether and when any OPs would commit to making the necessary changes to support the upgrade.

Looking forward to feedback from others.

Brian
___________

Brian Kissel<http://www.linkedin.com/pub/0/10/254>
CEO, JanRain - OpenID-enable your websites, customers, partners, and employees
5331 SW Macadam Ave., Suite 375, Portland, OR 97239
Email: bkissel at janrain.com     Cell: 503.866.4424     Fax: 503.296.5502

From: openid-specs-bounces at lists.openid.net [mailto:openid-specs-bounces at lists.openid.net] On Behalf Of John Bradley
Sent: Thursday, August 13, 2009 10:00 AM
To: Chris Messina
Cc: openid-specs at lists.openid.net
Subject: Re: specs Digest, Vol 36, Issue 1

Chris

I think we are agreeing. OpenID needs to play to its strengths. Chasing shiny things is tempting.

We need to carefully consider the impact of changes.

That is not to say that OpenID shouldn't evolve.

There are always tradeoffs.

Remember that a GSA LoA 2 or 3 profile is focused on the Gov accepting the assertions for specific uses.

Other people are free to make their own determinations for other use cases.

I am interested in finding out if IdPs really want to be certified at LoA 2 with all of the extra identity proofing, liability and other things that go with that.

A LoA 2 certification for an IdP involves a lot more than just tweaking some protocol pieces.

Are there OPs that want that?

John B.
On 13-Aug-09, at 9:11 AM, Chris Messina wrote:


On Thu, Aug 13, 2009 at 8:34 AM, John Bradley <jbradley at mac.com> wrote:
Some may ask: if we add artifact binding, signatures and encryption, are we not reinventing SAML Web SSO, or something of equal complexity?

I would like to know more about this, but my instinct is always to say "NO" for as long as possible when any new feature will a) introduce complexity and b) stifle or impair potential adoption.

That we've come as far as we have is a feat; maintaining that momentum is critical - and that means making good on the promise of what OpenID offers *today* - and only extending it with real world examples where people are implementing kludges (en masse) to serve a common need.
Chris

--
Chris Messina
Open Web Advocate

Personal: http://factoryjoe.com
Follow me on Twitter: http://twitter.com/chrismessina

Citizen Agency: http://citizenagency.com
Diso Project: http://diso-project.org
OpenID Foundation: http://openid.net

This email is:   [ ] bloggable    [X] ask first   [ ] private


