OpenID Hybrid v2 Proposal (formerly known OpenID Connect)

Wed May 26 13:59:15 UTC 2010

On May 26, 2010, at 5:12 AM, Dan Brickley wrote:

> On Wed, May 26, 2010 at 10:22 AM, Eran Hammer-Lahav <eran at hueniverse.com> wrote:
>> Discussing the name is a distraction. The issue is whether the OpenID foundation wants to be where identity work is done, or where the OpenID protocol (and nothing else) is done. Again, the question is very simple: OAuth is going to have an identity layer (that's a done deal) - do you want to work on it here under the OpenID foundation or not?
> 
> 
> It's not that entirely that simple. There are apparently other
> (different but with some commonality?) ideas for a next phase of
> OpenID activity, the v.Next stuff. So the Foundation also needs to
> decide whether to do both in parallel and let 'the market' decide,
> whether to map out some dependencies, shared technology components or
> even try for a common design, or whether to say "thanks but no thanks"
> to one of the proposals. It also needs to decide how much of that
> deciding to do up front (in the board) versus in chartered working
> group(s).

OpenID started as a protocol but has become a brand. The use of the OpenID name/brand is something that the OpenID Foundation controls. David and friends have suggested a new, non-backwards compatible protocol and by naming it OpenID Connect they obviously desire to leverage the OpenID brand. 

So it all comes down to a decision as to what the OIDF board wants that brand to mean. With all the confusion in the identity space, I think OpenID to evolve from being the current (can you say legacy?) OpenID protocol, to the name for a coherent-as-possible set of protocols & libraries, etc. that solve a fairly wide range of the Internet's identity problems. 

If the foundation goes in that direction it could bring under one roof/brand a coordination point for a range of efforts. In addition to coordinating protocol work, we should raise the priority of two other things: UX & RP enablement. We could try to make a consistent-as-possible UX across the OpenID family of protocols. And we could invest in creating some really robust, cross-protocol libraries so that RPs can easily add support for the entire OpenID family (Legacy, Connect, and V.Next). Gotta make this stuff easy for RPs to deploy.

> 
> Framing this bluntly as a 'take it or leave it' ultimatum looks (to a
> relative outsider) a little brutal, but I say that cautiously as I've
> not been party to any of the backstory or detailed debates.
> 
>> Everything else (like naming, migration path from OpenID 2.0 to OAuth 2.0 identity) is stuff for the WG to figure out.
>> 
>> This is a fundamental question far beyond all this geek talk: what is the purpose of this community? Where are its boundaries? Is this the hub of web identity work, or just one tiny piece of it?
>> 
>> I'm happy with any answer.
> 
> Fair questions. There are folk on the foaf-protocols list working with
> foaf+ssl, and in the W3C social Web incubator group who are also very
> interested in answers...

Indeed. Although the foaf+ssl is considered a "fringe" group by the OpenID (and other) communities there's some great stuff there that should be brought forward as an input to OpenID v.next. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100526/4cbd4da6/attachment.html>