<html><body bgcolor="#FFFFFF"><div>I suppose v.Next at least tries to preserve some OpenID properties such as verified identifiers, at least as an attribute. <br><br>=nat @ Mountain View via iPhone</div><div><br>On 2010/05/25, at 14:04, Brian Kissel <<a href="mailto:bkissel@janrain.com">bkissel@janrain.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>
<div class="Section1">
<p class="MsoPlainText"><span style="font-size:12.0pt;font-family:"Calibri","sans-serif"">I
won't purport to know the answer to some of the tough questions we're wrestling
with here, but do agree with Eran that whatever we do should be "market
driven." To that end, what I'd really like to hear is from existing
and prospective RPs who are following this list. We’ve had plenty
of input from OPs and technologists. If we don't have enough input from RPs
on this list, how do we get it? I’ve seen a post or two on this
thread recently saying that we’ve evolved beyond the point where a few
folks can say “we know what’s best for the market” and others
will follow. I agree with that sentiment, we need broader involvement and
feedback, not necessarily on the specifications, but on the MRDs and PRDs that
should be the precursors to our specifications work.</span></p>
<p class="MsoPlainText"><span style="font-size:12.0pt;font-family:"Calibri","sans-serif""> </span></p>
<p class="MsoPlainText"><span style="font-size:12.0pt;font-family:"Calibri","sans-serif"">I
spoke with Daniel Jacobson of NPR today who is the chairman of the Adoption Committee,
and a prospective RP, and asked him to provide his input to this discussion –
which he will be doing shortly. I've also asked Rob Harles of Sears and Marc
Frons of the NY Times, both OIDF board members, to provide input. At Janrain
we're talking to existing and prospective RPs every day. While each have
some unique requirements, many have similar objectives and concerns.
Here's my take so far, but would really like to hear from other existing and prospective
RPs across a range of applications: social web, enterprise, ecommerce,
government, news & media, etc.</span></p>
<p class="MsoPlainText"><span style="font-size:12.0pt;font-family:"Calibri","sans-serif""> </span></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1"><span style="font-size:12.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><span style="font-size:12.0pt;font-family:"Calibri","sans-serif"">They
want something that is backward and forward compatible if possible.
Ripping and replacing core technologies is painful. If we’re going
to make changes that break backwards compatibility (which it sounds like both
OpenID V.Next and OpenID Connect have the potential of doing), let’s make
sure that the new platform is extensible enough to support future expected use
cases and expanded functionality – richer industry/application specific data,
security enhancements, commerce enhancements, reputation management, multiple
platforms (PC, mobile, game consoles, etc.) If we do end up having to
break backward compatibility, let’s make sure we have a clear and
consistent migration path that’s as seamless as possible for existing
RPs. This doesn’t mean that the baseline lowest common denominator
platform should be complex and difficult to deploy (to the contrary), but it
should support extensions and enhancements that enable broader used cases than
the lowest common denominator.</span></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1"><span style="font-size:12.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><span style="font-size:12.0pt;font-family:"Calibri","sans-serif"">They
want a clear message on how all the related technologies can and should work
together: OpenID, OAuth, SREG, AX, Portable Contacts, Activity Streams, Open
Social, Artifact Binding, Contract Exchange, Discovery, UX Extension, etc. –
both functionality and timing (roadmap).</span></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1"><span style="font-size:12.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><span style="font-size:12.0pt;font-family:"Calibri","sans-serif"">They
want something that is easy to deploy and maintain, and intuitive and
compelling for end users. They can accept that for advanced features,
additional effort and complexity will likely be involved.</span></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1"><span style="font-size:12.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><span style="font-size:12.0pt;font-family:"Calibri","sans-serif"">They
would like to see OPs behave in a consistent and predictable way as they evolve
and enhance their services. If OPs behave erratically and without clear
and timely communications, it’s harder to buy into the ecosystem.</span></p>
<p class="MsoPlainText"><span style="font-size:12.0pt;font-family:"Calibri","sans-serif""> </span></p>
<p class="MsoPlainText"><span style="font-size:12.0pt;font-family:"Calibri","sans-serif"">I
hope I’ve accurately captured some of the feedback we’ve been
hearing and if not I trust that the RPs that are monitoring this list will
provide their feedback and recommendations.</span></p>
<p class="MsoPlainText"><span style="font-size:12.0pt;font-family:"Calibri","sans-serif""> </span></p>
<p class="MsoPlainText"><span style="font-size:12.0pt;font-family:"Calibri","sans-serif"">I’d
encourage each of us who is monitoring this list to invite more RPs (existing and
prospective) to the discussion.</span></p>
<p class="MsoPlainText"> </p>
<p class="MsoNormal"><span style="color:#0033CC">Cheers,</span></p>
<p class="MsoNormal"><span style="color:#0033CC"><br>
Brian</span></p>
<p class="MsoNormal"><b><span style="color:#0033CC">___________</span></b><span style="color:#0033CC"></span></p>
<p class="MsoNormal"><b><span style="color:#0033CC"> </span></b></p>
<p class="MsoNormal"><b><span style="color:#0033CC"><a href="http://www.linkedin.com/pub/0/10/254"><span style="color:#0033CC">Brian
Kissel</span></a></span></b></p>
<p class="MsoNormal"><span style="color:#0033CC">CEO - JanRain, Inc.</span></p>
<p class="MsoNormal"><span style="color:#0033CC"><a href="mailto:bkissel@janrain.com"><a href="mailto:bkissel@janrain.com">bkissel@janrain.com</a></a></span></p>
<p class="MsoNormal"><span style="color:#0033CC">Mobile: </span><span style="color:#0033CC">503.342.2668 </span><span style="color:#0033CC">| Fax: </span><span style="color:#0033CC">503.296.5502</span></p>
<p class="MsoNormal"><span style="color:#0033CC">519 SW 3rd Ave. Suite 600
Portland, OR 97204</span></p>
<p class="MsoNormal"><span style="color:#0033CC"> </span></p>
<p class="MsoNormal"><b><i><span style="color:#0033CC">Increase registrations,
engage users, and grow your brand with RPX. Learn more at </span></i></b><b><i><span style="color:red"><a href="http://www.rpxnow.com/"><span style="color:red">www.rpxnow.com</span></a></span></i></b></p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">-----Original Message-----<br>
From: <a href="mailto:openid-specs-bounces@lists.openid.net"><a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a></a>
[mailto:<a href="mailto:openid-specs-bounces@lists.openid.net"><a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a></a>] On Behalf Of Eran Hammer-Lahav<br>
Sent: Monday, May 24, 2010 7:01 PM<br>
To: Dick Hardt<br>
Cc: Joseph Smarr; OpenID Board (public); <a href="mailto:openid-specs@lists.openid.net"><a href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a></a><br>
Subject: RE: [OpenID board] Why Connect?</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">> -----Original Message-----</p>
<p class="MsoPlainText">> From: Dick Hardt [mailto:<a href="mailto:dick.hardt@gmail.com"><a href="mailto:dick.hardt@gmail.com">dick.hardt@gmail.com</a></a>]</p>
<p class="MsoPlainText">> Sent: Monday, May 24, 2010 6:20 PM</p>
<p class="MsoPlainText">> To: Eran Hammer-Lahav</p>
<p class="MsoPlainText">> Cc: Allen Tom; David Recordon; Joseph Smarr; OpenID
Board (public);</p>
<p class="MsoPlainText">> <a href="mailto:openid-specs@lists.openid.net"><a href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a></a></p>
<p class="MsoPlainText">> Subject: Re: [OpenID board] Why Connect?</p>
<p class="MsoPlainText">> </p>
<p class="MsoPlainText">> </p>
<p class="MsoPlainText">> On 2010-05-24, at 6:08 PM, Eran Hammer-Lahav wrote:</p>
<p class="MsoPlainText">> </p>
<p class="MsoPlainText">> > The question is:</p>
<p class="MsoPlainText">> ></p>
<p class="MsoPlainText">> > Is the OIDF interested in taking the lead in
building an identity layer for</p>
<p class="MsoPlainText">> OAuth 2.0?</p>
<p class="MsoPlainText">> ></p>
<p class="MsoPlainText">> > I'm willing to bet that if the answer is no, it
will be the beginning of the end</p>
<p class="MsoPlainText">> for OpenID. OAuth 2.0 + identity will fully cover
the OpenID 2.0 use cases in a</p>
<p class="MsoPlainText">> cleaner, more secure way.</p>
<p class="MsoPlainText">> </p>
<p class="MsoPlainText">> OpenID Connect as currently envisioned misses many
of the internet identity</p>
<p class="MsoPlainText">> use cases.</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">And covers most of the ones desired by those currently
implementing OpenID. For those using OpenID 2.0 today, this proposal offers a
full and significantly better replacement. This proposal is 100% market-driven,
which is not something I can say about OpenID now or in the past. This proposal
is driven by developers, providers, and end users.</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">> ></p>
<p class="MsoPlainText">> > This is very much an issue of timing. If the
problem is the name, call it the</p>
<p class="MsoPlainText">> "OAuth Identity Framework",</p>
<p class="MsoPlainText">> </p>
<p class="MsoPlainText">> OpenID Connect has very little to do with OpenID,
and lots to do with OAuth.</p>
<p class="MsoPlainText">> That sounds like a better name.</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">True if you define OpenID as nothing but a protocol. But
if that is your definition, I think OpenID best days are behind it. People
don't care about protocols, they care about products. I think it would be a
mistake for the OpenID foundation to let OAuth take over such a huge chunk of
the current OpenID use cases.</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">> > leaving OpenID to be whatever the v.next WG
decides it will be a year or</p>
<p class="MsoPlainText">> two from now.</p>
<p class="MsoPlainText">> </p>
<p class="MsoPlainText">> That sounds like a challenge I am will to take on.
:)</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">Well, that's something the foundation will have to figure
out. All I can do is offer my perspective.</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">EHL</p>
<p class="MsoPlainText">_______________________________________________</p>
<p class="MsoPlainText">specs mailing list</p>
<p class="MsoPlainText"><a href="mailto:specs@lists.openid.net"><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a></a></p>
<p class="MsoPlainText"><a href="http://lists.openid.net/mailman/listinfo/openid-specs"><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></a></p>
</div>
</div></blockquote></body></html>