On 2010-05-24, at 7:01 PM, Eran Hammer-Lahav wrote: > > >> -----Original Message----- >> From: Dick Hardt [mailto:[email protected]] >> Sent: Monday, May 24, 2010 6:20 PM >> To: Eran Hammer-Lahav >> Cc: Allen Tom; David Recordon; Joseph Smarr; OpenID Board (public); >> [email protected] >> Subject: Re: [OpenID board] Why Connect? >> >> >> On 2010-05-24, at 6:08 PM, Eran Hammer-Lahav wrote: >> >>> The question is: >>> >>> Is the OIDF interested in taking the lead in building an identity layer for >> OAuth 2.0? >>> >>> I'm willing to bet that if the answer is no, it will be the beginning of >>> the end >> for OpenID. OAuth 2.0 + identity will fully cover the OpenID 2.0 use cases >> in a >> cleaner, more secure way. >> >> OpenID Connect as currently envisioned misses many of the internet identity >> use cases. > > And covers most of the ones desired by those currently implementing OpenID. > For those using OpenID 2.0 today, this proposal offers a full and > significantly better replacement. This proposal is 100% market-driven, which > is not something I can say about OpenID now or in the past. This proposal is > driven by developers, providers, and end users.
I agree this is better than OpenID 2.0 for many use cases. I can see how it is an obvious evolution for how OAuth is used to gather identity information. I also think Connect has not holistically looked at what the broader internet identity problems are, and is painting itself into an architecture corner. As a creator of the OAuth hammer, I can see you view this as an OAuth nail. I don't see it that way. > >>> >>> This is very much an issue of timing. If the problem is the name, call it >>> the >> "OAuth Identity Framework", >> >> OpenID Connect has very little to do with OpenID, and lots to do with OAuth. >> That sounds like a better name. > > True if you define OpenID as nothing but a protocol. But if that is your > definition, I think OpenID best days are behind it. People don't care about > protocols, they care about products. I think it would be a mistake for the > OpenID foundation to let OAuth take over such a huge chunk of the current > OpenID use cases. I see OpenID as a solution for the Internet Identity Problem. agree that many have viewed OpenID as a protocol, and one that was good enough. OpenID v.Next is queuing up to provide a holistic solution. The process for v.Next was started a couple months ago. As you know, these things take time. _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
