OpenID V.Next - Some Views to Consider

SitG Admin sysadmin at shadowsinthegarden.com
Thu May 13 22:35:28 UTC 2010 

I need to borrow your hat for a minute, Peter :)

At 4:00 PM -0400 5/13/10, Phillip Hallam-Baker wrote:
>For thirty years Internet users have understood their user identifier
>to be username at domain.
>
>I see absolutely zero interest from end users in being identified in
>any other way. The attempts to provide them with this 'flexibility;
>are unwanted and unnecessary.

Have you studied marketing much? The ideal of "ask users what they 
want and give it to them" hasn't worked out perfectly, because it 
turns out users don't always *know* what they want - especially when 
they aren't familiar with it yet (think the Aero Chair).

To address your assertion directly, though: you're presenting one 
side of an idealogical argument, from the "status quo" - *of course* 
such flexibility isn't necessary, because the only thing it offers 
over the necessity of maintaining that status quo is change, which 
would be disruptive. The flip side of this argument is that, if 
OpenID is to idealogically represent the user as the centre of their 
own identity ("user-centric") rather than as a wholly owned 
subsidiary of their patron website ("@domain", naturally requiring 
DNS), then it has the right to help users better understand their 
rights and options.

As an idealogical argument, it works; where it falls flat is in the 
technological arena (ideals against practical reality? really?), and 
I wish you'd present more of those (backward compatibility was an 
*excellent* point) instead of relying so much on the *implicit* 
perfection of a long-entrenched model.

I repeat: you made a *compelling* technical argument. It's just that 
"nobody has ever tried it, so don't even bother offering" detracts 
from what you're saying.

I will make one observation - those earlier criticisms of OpenID that 
it's no better than the many past (failed) attempts? If we strive to 
provide nothing more than those other tries did, OpenID really *will* 
be no different from them.

>The only new mechanism is part 3

What version of the charter's draft are you looking at? I don't see:

>2) The resolution protocol for the domain part of the user identifier
>is totally independent of any application protocol, including HTTP, it
>uses DNS and only DNS to resolve the DNS name.

I don't see this mentioned *anywhere*. Has there been an update?

-Shade takes off Peter's hat and hands it back

More information about the specs mailing list