Building identity on top of OAuth 2.0?

Hans Granqvist hans at granqvist.com
Sun May 16 14:33:50 UTC 2010 

Putting the spec itself aside for a moment, I think the moniker  
"OpenID Connect" is not helping... unless you're designing this only  
for people who already know and use OpenID.

Facebook Connect was all about connecting to a single end point, a  
company, a concrete institution. People know what Facebook is before  
seeing the FB Connect button.

Anyone who sees OpenID Connect is going to look for the Open ID  
equivalence. But there is no such single end point or company. This  
will confuse and annoy since almost everyone is conditioned by  
Facebook connect & few know what OpenID is.

Perhaps it would be better to put forward the mechanism, "Connect  
using OpenID" or similar.

Thanks,
Hans

On May 15, 2010, at 6:58 PM, Chris Messina wrote:

> I'm excite to see this proposal, as it represents something concrete  
> to discuss and debate. I'd like to see how this strawman proposal  
> can be used within the technical working group as a point of  
> inspiration.
>
> I'd also point out, for completeness, that OpenID Connect does not  
> necessarily represent what OpenID v.Next should look like, but  
> instead is more like a profile of several technologies strung  
> together to address the need of a "connect" API pattern with  
> decentralization at its core (a feature that I consider absolutely  
> essential to its success and architecture).
>
> Looking forward to feedback on this.
>
> Chris
>
> On Sat, May 15, 2010 at 4:57 PM, David Recordon  
> <recordond at gmail.com> wrote:
> The past few months I've had a bunch of one on one conversations  
> with a lot of different people – including many of folks on this  
> list – about ways to build a future version of OpenID on top of  
> OAuth 2.0. Back in March when I wrote a draft of OAuth 2.0 I  
> mentioned it as one of my future goals as well (http://daveman692.livejournal.com/349384.html 
> ).
>
> Basically moving us to where there's a true technology stack of TCP/ 
> IP -> HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome  
> APIs). Not just modernizing the technology, but also focusing on  
> solving a few of the key "product" issues we hear time and time again.
>
> I took the past few days to write down a lot of these ideas and glue  
> them together. Talked with Chris Messina who thought it was an  
> interesting idea and decided to dub it "OpenID Connect" (see http://factoryjoe.com/blog/2010/01/04/openid-connect/) 
> . And thanks to Eran Hammer-Lahav and Joseph Smarr for some help  
> writing bits of it!
>
> So, a modest proposal that I hope gets the conversation going again. http://openidconnect.com/
>
> --David
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
>
>
>
> -- 
> Chris Messina
> Open Web Advocate, Google
>
> Personal: http://factoryjoe.com
> Follow me on Buzz: http://buzz.google.com/chrismessina
> ...or Twitter: http://twitter.com/chrismessina
>
> This email is:   [ ] shareable    [X] ask first   [ ] private
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100516/b2fbf830/attachment.htm>

More information about the specs mailing list