On 2010-05-22, at 10:34 AM, David Recordon wrote: > Reusing identity from Twitter, Facebook, Google etc. has become a common > architecture. It is a federated vs internet architecture. It works for > applications that use one or more of those services. It solves some of the > social web identity challenges. I think it also seem to paint us into a > corner and creat significant challenges for solving internet identity. > > I don't think that we're reusing identity from those companies, but rather > building on many of their concepts as they've been proven to work.
Uh, clearly many sites are reusing identity from those companies. Not sure why they will put up a generic button when the Twitter and Facebook buttons work well for them now. > We're also building on OAuth 2.0 and discovery technologies from the IETF. > While it's possible to view this as creating a new architecture, OpenID 1.0 > and 2.0 have given us a lot of deployment experience around discovery and > dynamic associations; so we're building on that as well. I must not have been clear. OpenID is a new architecture compared to OAuth. OpenID v.Next is what the community was working on as being the next step. > > Is the Connect proposal perfect, no. Is it a reasonable starting point for a > near term future version of identity for the web, we certainly think so. Why not do this work in v.Next? Would you elaborate on how you think OpenID Connect can evolve to solve identity on the broader web? > > In many cases I think the expression of saying that we're wrong and should > stop only reinforces why we should move forward. Are you saying that I am saying you are wrong? Or is someone else saying you are wrong? I'm not saying that you can't evolve Connect to solve the social web identity problem. > Many people told us that OpenID 1.0 and 2.0 were horrible ideas, that we were > ignoring the real problems, and couldn't possibly be successful. I'm glad > that we didn't listen then as we would have missed out on a great amount of > innovation. Your justification to do OpenID Connect is because people in the OpenID community disagree with you? As an aside, OpenID Connect looks like Facebook Connect with OAuth 2.0 and some discovery mixed in. If OpenID Connect became an OpenID standard, Facebook could say they supported OpenID with little effort. In other words, OpenID Connect looks like Facebook Connect with some standardization thrown in. While OpenID Connect may be a good way to move OpenID forward, as a Facebook employee, I think you have a conflict of interest in the OpenID community promoting a new WG that overlaps heavily with WGs that were a getting started and is so clearly Facebook biased. This thread is getting away from discussing the technical aspects of the Connect WG Proposal. How about we move back to that discussion? As a member of the specs council, I asked a number of questions early on. Would you be kind enough to answer these? -- Dick
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
