<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Thanks John,<div><br></div><div>People seem to be a bit on the edgy side these days.</div><div><br></div><div>Between Connect, xAuth, and v.Next.</div><div><br></div><div>People aught to remember that openID 2.0 is itself a amalgamation of technologies from LID, SXIP, XRDS and others that I have probably forgotten.</div><div><br></div><div>Examining and incorporating new ideas is something that is not new to openID.</div><div><br></div><div>That is not to say that everything gets adopted ether.</div><div><br></div><div>xAuth is a solution that a group of people have come up with for a problem. </div><div><br></div><div>We need to engage and understand, not ridicule.</div><div><br></div><div>I certainly have concerns about potential issues with xAuth, but I have taken them up with Meebo and others working on xAuth.</div><div><br></div><div>It is still early days for xAuth. </div><div><br></div><div>I can't predict if it will be a technology that openID will embrace.</div><div><br></div><div>The same is true for Connect, or whatever it will be called at the end of the day.</div><div><br></div><div>I would rather work with those companies who are primarily concerned with providing OAuth protected API like facebook inside the OIDF, than tell them to go develop there ideas elsewhere.</div><div><br></div><div>Once we decide that "We" know best and have the one true way, we will be no better than other protocols that we have mocked in the past.</div><div><br></div><div>I am going to continue to help people develop there ideas so that we can determine the ones with merit.</div><div><br></div><div>In fairness to Eran, my initial reaction was quite negative as well, fortunately I took the time to discuss xAuth with the proposers before deciding the sky was falling.</div><div><br></div><div>Regards</div><div><br></div><div>John B.</div><div><br></div><div><br><div><div>On 2010-06-07, at 5:15 PM, John Panzer wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>It's not a centralized component[1].</div><div><br></div><div>I'm disappointed in Eran's post and wrote a response yesterday:</div><div><br></div><a href="http://www.abstractioneer.org/2010/06/xauth-is-lot-like-democracy.html">http://www.abstractioneer.org/2010/06/xauth-is-lot-like-democracy.html</a><br>
<br><div>Unfortunately, FUD sells and Eran's post is being retweeted and cited pretty widely. If you're going to agree with his objections, please read the rebuttals as well, and explain why you think they're not sufficient.</div>
<div><br></div><div>-John</div><div><br></div><div>[1] There is nuance here which I'm ignoring in order to get a clear message across. The initial implementation has a single centralized piece, a DNS entry, but no centralized services or data storage at all. The end game is a fully decentralized system, but you need a path to get there. Go read the details at <a href="http://www.abstractioneer.org/2010/06/xauth-is-lot-like-democracy.html">http://www.abstractioneer.org/2010/06/xauth-is-lot-like-democracy.html</a> or at <a href="http://googlecode.blogspot.com/2010/04/using-xauth-to-simplify-social-web.html">http://googlecode.blogspot.com/2010/04/using-xauth-to-simplify-social-web.html</a>.</div>
<meta charset="utf-8"><div><br><div class="gmail_quote">On Mon, Jun 7, 2010 at 7:40 AM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div class="im">
<div>><a href="http://hueniverse.com/2010/06/xauth-a-terrible-horrible-no-good-very-bad-idea/" target="_blank"><span></span>http://hueniverse.com/2010/06/xauth-a-terrible-horrible-no-good-very<span></span>-bad-idea/</a></div>
<div><br></div>
</div><div>Well, his points against it are quite valid. Having a centralized
component to a decentralized architecture, especially one that all
parties must *rely* upon, would violate the essential spirit of the
idea.</div>
<div><br></div>
<div>(That said, if any of them *want* to do it, they may do so
unofficially, with neither the involvement nor sanction of the
community. Then, when the inevitable user backlash arrives - or, as
you put it, "the shit hits the fan" - they alone suffer the
reputation hit and loss to market share, compounded by having done so
against the recommendations of the majority of the OpenID movement
itself.)</div>
<div><br></div>
<div>I realize that you're in favor of the centralized component, but
please do try to understand why this philosophy is diametrically
opposed by OpenID.</div>
<div><br></div>
<div>-Shade</div>
</div>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
<br></blockquote></div><br></div>
_______________________________________________<br>general mailing list<br><a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>http://lists.openid.net/mailman/listinfo/openid-general<br></blockquote></div><br></div></body></html>