+cc: Thomas Roessler
> On Sat, May 22, 2010 at 8:42 AM, David Recordon <[email protected]> wrote:
> Hey Hans,
> Rough consensus is the minimum bar and at times may be the greatest
> possible consensus. It is also possible that the group reach consensus
> greater than rough.
Hi David,
This seems like interesting and useful work and I'm glad to see it
being brought under a chartered, documented process. However I share
some of Dick's concerns ("Please explain what problem(s) you are
trying to solve"). Unless you write down very explicitly the problems
you think you're solving with this work, you'll find it very difficult
to measure consensus, let alone achieve it. Lack of written
requirements and goals will also make it harder for those outside the
group (and outside the current OpenID world) to understand what you're
attempting, to estimate your chances of success or likely timeline, or
to determine whether and how to engage with it.
If this were a W3C group, at this stage I would expect the Foundation
to have an idea who the initial chair(s) of the group are, and how
it's deliverables looked on a draft timeline. I don't know IETF habits
so well, but something like the 'Goals and Milestones' section in
http://datatracker.ietf.org/wg/oauth/charter/ would seem appropriate here.
It is also traditional for chartered standards activities to be a
little more specific about their relationship to other groups (and
their deliverables). Since the OpenID Foundation is a relatively new
player, your audience will need some help understanding the extent to
which the Foundation imposes a requirement on its own groups to
produce architecturally consistent deliverables. As you are also
basing this effort on work-in-progress from an IETF group, and since
many of us around W3C are trying to work out how this fits into the
wider Web standards landscape, it is important to be tediously
specific here.
Some standards 'brands' have a reputation for allowing lots of
parallel work in related fields without strong top level
'interference' or coordination; others have a reputation for having a
process that is slower due to an expectation of ensuring broad
consistency across related work. You will need to help us learn what
to expect from the OpenID Foundation. The fact that this is a
single-topic standards body will raise expectations of strong
consistency (between Connect and v.Next, in this case); the general
hands-on 'web 2' / 'social web' culture of 'hey, let's just do it!'
perhaps raises expectations that speed and pragmatism are valued over
heavy integration. I should stress that neither end of the spectrum is
'right' here; good work comes in all these styles. But when you simply
list "OpenID v.Next Working Group proposals." as related work, and
don't give a timeline, specific dependencies or constraints, it
becomes impossible for outsiders to understand the way things work
here. Dick's mail shows that even OpenID insiders don't all have a
common view.
The more that can be written in your charter up-front, the better this will go.
If and when you launch this group, please try to think through how it
looks to those in the outside world! Many parties out there can't
afford to track the fine-grained detail of the OpenID scene, and look
for the larger trends. A v.Next and a Connect initiative launched at
the same time will need some care, otherwise - to be blunt - it looks
like chaos. Perhaps a creative, exciting chaos, but one that external
parties won't want to plan around. When Apple's new iPhone leaks,
people stop buying the old ones. When a new OpenID WG launches, people
stop hacking on OpenID v-last-year software implementations. When
*two* new future-of-OpenID WG efforts launch, people lose any sense
of what's going on. If you were working hard on implementing OpenID
and saw the Foundation launch two new groups whose charters barely
mentioned each other, would you feel confident about spending time
continuing to implement?
If this is expected to be the main current trunk of the Foundations
work on OpenID, the Foundation (and hence charter) should say so
explicitly. If it is expected to be accompanied by a v.Next sibling
group, please say what the interactions are to be with that group; how
will responsibilities and themes be managed? If it is essentially a
research or incubator group, created to map out the design space of
possible Oauth-layered OpenID systems, and to understand and document
the security, usability and deployment characteristics of different
designs, please say so. I hate to be so boring about this but you
can't afford to have a charter that just says "trust us", ie. "[we]
have strong relationships in many of these communities and do not
anticipate the need of formal liaisons". Many groups outside the inner
circle here are looking to this work and are trying to understand
whether (and when) the OpenID community will deliver something they
can have strong dependencies on.
My reading of the draft is that it is essentially investigative; a
support / research / prototyping group. I get that from counting the
number of times 'explore' is used (eight :). I guess therefore that no
other OpenID Foundation group has strong dependencies on it, and it is
intended to serve as a more exploratory sibling activity to any V.Next
'main track' work.
For this to be feasible I think you need to add:
* explicit requirements (you have long lists of technical and other
constraints in your heads; please write them down!)
* explicit goals and timeline
* names of initial chair(s) of the WG; whose job is it to keep the
work on track?
* explicit statement of relationship with any v.Next activities, however drafty
Now it is quite possible that this exploratory WG discovers something
fantastic which should be brought into the main V.Next track of OpenID
ASAP. If the charter had a 'end Aug 2010: provide a report on any
discovered fantasticness to the v.Next WG' bullet point, we could
start to imagine a V.Next WG charter which had 'Sept 2010: review of
Connect work for possible fantastic ideas'. If you think this could
all happen by the end of June, let's write that down. If the V.Next
charter drafters think they could be open to OAuth-based stuff along
the lines of Connect until -say- July, but after that, they'll have
picked a design, then let's have their charter reflect that too.
cheers,
Dan
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
