One thing to bear in mind is that the technical arguments aside, the Facebook/connect and Twitter/Connect world is in serious trouble. This may spell opportunity or difficulty for OpenID.
Facebook is currently under assault for its abusive privacy policy. There is a considerable backlash brewing and those who live by viral marketing can die in the same way. The odd thing about Twitter connect is that several sites that I had been connecting to using my Twitter account seem to have recently discontinued it. I think that the inconsistencies and conflicts inherent in those models are starting to be exposed. On Wed, May 19, 2010 at 2:05 PM, David Recordon <[email protected]> wrote: > On Wed, May 19, 2010 at 7:49 AM, John Bradley <[email protected]> > wrote: >> >> From conversations at IIW, I would say that David/Facebooks design goal is >> something as simple as possible for RP to get the minimum information. > > I wouldn't say that these are just my design goals, what I proposed is very > similar to even what Twitter shipped a few years ago on OAuth 1.0. > http://apiwiki.twitter.com/Sign-in-with-Twitter > >> That may well translate into weak, in this version of the proposal. >> Talking to Brenno and others, variations on this approach may be >> significantly less weak. >> Once there is a openID WG considering the issue under our IPR policy I >> will feel significantly more comfortable contributing. >> As a community director doing openID standards development outside of the >> foundation is not something that I can personally participate in. >> I am looking forward to the vNext working group getting to work. >> I hope as a member you will be participating as well. >> Regards >> John B. >> On 2010-05-19, at 2:25 AM, Ben Laurie wrote: >> >> >> On 16 May 2010 00:57, David Recordon <[email protected]> wrote: >>> >>> The past few months I've had a bunch of one on one conversations with a >>> lot of different people – including many of folks on this list – about ways >>> to build a future version of OpenID on top of OAuth 2.0. Back in March when >>> I wrote a draft of OAuth 2.0 I mentioned it as one of my future goals as >>> well (http://daveman692.livejournal.com/349384.html). >>> Basically moving us to where there's a true technology stack of TCP/IP -> >>> HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome APIs). Not just >>> modernizing the technology, but also focusing on solving a few of the key >>> "product" issues we hear time and time again. >>> I took the past few days to write down a lot of these ideas and glue them >>> together. Talked with Chris Messina who thought it was an interesting idea >>> and decided to dub it "OpenID Connect" (see >>> http://factoryjoe.com/blog/2010/01/04/openid-connect/). And thanks to Eran >>> Hammer-Lahav and Joseph Smarr for some help writing bits of it! >>> So, a modest proposal that I hope gets the conversation going >>> again. http://openidconnect.com/ >> >> If the goal is to get something as weak as possible without it instantly >> collapsing around your ears, then this sounds like a great plan. >> If, OTOH, you are interested in actually protecting peoples' identities, >> then OAuth 2.0 doesn't seem like a great starting point. >> >>> >>> --David >>> _______________________________________________ >>> specs mailing list >>> [email protected] >>> http://lists.openid.net/mailman/listinfo/openid-specs >>> >> >> _______________________________________________ >> specs mailing list >> [email protected] >> http://lists.openid.net/mailman/listinfo/openid-specs >> > > > _______________________________________________ > specs mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-specs > > -- Website: http://hallambaker.com/ _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
