I'm obviously +1 for this work occurring inside the OpenID Foundation. But as Eran said, there's momentum pushing this work forward, and whether this happens within the OIDF is not a gating factor. Since I posted the OpenID Connect proposal we've evolved and simplified it, an engineer at Six Apart built a prototype client and server, and we've received some really positive feedback from both potential clients and servers in a range of industries.<div>
<br></div><div>I want this work to occur within the OpenID Foundation, but am tired of a small number of people trying to stop us from even creating a Working Group.</div><div><br></div><div>I'm also supportive of the v.Next work moving forward so that there's actually a technical proposal which can be understood, compared, and ideally combined where it makes sense.</div>
<div><br></div><div>The risk to the OpenID brand and Foundation is clear to me if this work happens elsewhere; the risk of moving the Connect Work Group forward within the Foundation remains quite unclear to me.</div><meta charset="utf-8"><div>
<br></div><div>--David</div><div><br><br><div class="gmail_quote">On Wed, May 26, 2010 at 8:48 AM, Brian Kissel <span dir="ltr"><<a href="mailto:bkissel@janrain.com">bkissel@janrain.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
+1 for having the work done inside the OpenID Foundation.<br>
<br>
Cheers,<br>
<br>
Brian<br>
___________<br>
<br>
Brian Kissel<br>
CEO - JanRain, Inc.<br>
<a href="mailto:bkissel@janrain.com">bkissel@janrain.com</a><br>
Mobile: 503.342.2668 | Fax: 503.296.5502<br>
519 SW 3rd Ave. Suite 600 Portland, OR 97204<br>
<br>
Increase registrations, engage users, and grow your brand with RPX. Learn<br>
more at <a href="http://www.rpxnow.com" target="_blank">www.rpxnow.com</a><br>
<div class="im"><br>
<br>
-----Original Message-----<br>
From: <a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a><br>
</div><div class="im">[mailto:<a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a>] On Behalf Of Eran<br>
Hammer-Lahav<br>
Sent: Wednesday, May 26, 2010 1:22 AM<br>
To: <a href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><br>
</div><div><div></div><div class="h5">Subject: RE: OpenID Hybrid v2 Proposal (formerly known OpenID Connect)<br>
<br>
Discussing the name is a distraction. The issue is whether the OpenID<br>
foundation wants to be where identity work is done, or where the OpenID<br>
protocol (and nothing else) is done. Again, the question is very simple:<br>
OAuth is going to have an identity layer (that's a done deal) - do you<br>
want to work on it here under the OpenID foundation or not?<br>
<br>
Everything else (like naming, migration path from OpenID 2.0 to OAuth 2.0<br>
identity) is stuff for the WG to figure out.<br>
<br>
This is a fundamental question far beyond all this geek talk: what is the<br>
purpose of this community? Where are its boundaries? Is this the hub of<br>
web identity work, or just one tiny piece of it?<br>
<br>
I'm happy with any answer.<br>
<br>
It would be helpful if people would voice clear opinions on this rather<br>
than going in circles (i.e., start with "I'm for/against doing this work<br>
here, and this is why...").<br>
<br>
EHL<br>
<br>
> -----Original Message-----<br>
> From: <a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a> [mailto:<a href="mailto:openid-specs-">openid-specs-</a><br>
> <a href="mailto:bounces@lists.openid.net">bounces@lists.openid.net</a>] On Behalf Of Martin Atkins<br>
> Sent: Tuesday, May 25, 2010 5:49 PM<br>
> To: <a href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><br>
> Subject: Re: OpenID Hybrid v2 Proposal (formerly known OpenID Connect)<br>
><br>
> On 05/25/2010 01:56 PM, Allen Tom wrote:<br>
> > Hi All,<br>
> ><br>
> > A better way to look at OpenID Connect is to just think of it as<br>
> > revised version of the OpenID Hybrid. The purpose of the Hybrid WG was<br>
> > to find a way to combine OpenID Authentication with the approval of an<br>
> > Oauth access token into a single request/response.<br>
> ><br>
><br>
> "OpenID Connect" isn't actually compatible with OpenID at anything but<br>
the<br>
> highest conceptual level.<br>
><br>
> > Renaming the OpenID Connect WG to be the OpenID Hybrid v2 WG could<br>
> > possibly clarify the goals of the WG, and reduce confusion within the<br>
> community.<br>
> > Afterall - Hybrid is intended for the case where the user's IdP is<br>
> > also the SP, so the Connect proposal is really a revised Hybrid<br>
> > proposal, rather than a proposal for OpenID v.Next<br>
> ><br>
><br>
> I think this would only make sense if the resulting protocol were<br>
functionally<br>
> equivalent to OpenID. That is to say that I can implement it against my<br>
> existing OpenID infrastructure without doing data migrations, changing<br>
my<br>
> UI, etc.<br>
><br>
> I think the most important deviation in OpenID Connect is that the<br>
identifier<br>
> is no longer expected to be human-readable; while I completely agree<br>
that<br>
> this is the right design if we're starting over from a clean slate,<br>
that's a<br>
> breaking change for most existing consumer implementations that link to<br>
the<br>
> identifier as the user's "home page" or "profile page".<br>
><br>
> I still think this thing should be branded with a stronger OAuth<br>
connotation<br>
> than an OpenID connotation, since it's far closer to OAuth than it is to<br>
> OpenID. I didn't really like the OpenID Connect name, but at least it<br>
made it<br>
> sound like this was something new and different; calling it OpenID/OAuth<br>
> Hybrid makes it sound a lot more like a different implementation of the<br>
same<br>
> thing than the radical rethink that OpenID Connect actually represents.<br>
><br>
> That's my two cents, at least.<br>
><br>
><br>
><br>
> _______________________________________________<br>
> specs mailing list<br>
> <a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
</div></div></blockquote></div><br></div>