I suppose v.Next at least tries to preserve some OpenID properties
such as verified identifiers, at least as an attribute.
=nat @ Mountain View via iPhone
On 2010/05/25, at 14:04, Brian Kissel <[email protected]> wrote:
I won't purport to know the answer to some of the tough questions
we're wrestling with here, but do agree with Eran that whatever we
do should be "market driven." To that end, what I'd really like to
hear is from existing and prospective RPs who are following this
list. We’ve had plenty of input from OPs and technologists. If we
don't have enough input from RPs on this list, how do we get it? I’
ve seen a post or two on this thread recently saying that we’ve evol
ved beyond the point where a few folks can say “we know what’s
best for the market” and others will follow. I agree with that sent
iment, we need broader involvement and feedback, not necessarily on
the specifications, but on the MRDs and PRDs that should be the prec
ursors to our specifications work.
I spoke with Daniel Jacobson of NPR today who is the chairman of the
Adoption Committee, and a prospective RP, and asked him to provide
his input to this discussion – which he will be doing shortly. I've
also asked Rob Harles of Sears and Marc Frons of the NY Times, both
OIDF board members, to provide input. At Janrain we're talking to e
xisting and prospective RPs every day. While each have some unique
requirements, many have similar objectives and concerns. Here's my
take so far, but would really like to hear from other existing and p
rospective RPs across a range of applications: social web, enterpris
e, ecommerce, government, news & media, etc.
· They want something that is backward and forward compatibl
e if possible. Ripping and replacing core technologies is painful.
If we’re going to make changes that break backwards compatibility (
which it sounds like both OpenID V.Next and OpenID Connect have the
potential of doing), let’s make sure that the new platform is extens
ible enough to support future expected use cases and expanded functi
onality – richer industry/application specific data, security enhanc
ements, commerce enhancements, reputation management, multiple platf
orms (PC, mobile, game consoles, etc.) If we do end up having to br
eak backward compatibility, let’s make sure we have a clear and cons
istent migration path that’s as seamless as possible for existing RP
s. This doesn’t mean that the baseline lowest common denominator pl
atform should be complex and difficult to deploy (to the contrary),
but it should support extensions and enhancements that enable broade
r used cases than the lowest common denominator.
· They want a clear message on how all the related technolog
ies can and should work together: OpenID, OAuth, SREG, AX, Portable
Contacts, Activity Streams, Open Social, Artifact Binding, Contract
Exchange, Discovery, UX Extension, etc. – both functionality and tim
ing (roadmap).
· They want something that is easy to deploy and maintain, a
nd intuitive and compelling for end users. They can accept that for
advanced features, additional effort and complexity will likely be
involved.
· They would like to see OPs behave in a consistent and pred
ictable way as they evolve and enhance their services. If OPs behav
e erratically and without clear and timely communications, it’s hard
er to buy into the ecosystem.
I hope I’ve accurately captured some of the feedback we’ve been
hearing and if not I trust that the RPs that are monitoring this lis
t will provide their feedback and recommendations.
I’d encourage each of us who is monitoring this list to invite more
RPs (existing and prospective) to the discussion.
Cheers,
Brian
___________
Brian Kissel
CEO - JanRain, Inc.
[email protected]
Mobile: 503.342.2668 | Fax: 503.296.5502
519 SW 3rd Ave. Suite 600 Portland, OR 97204
Increase registrations, engage users, and grow your brand with RPX.
Learn more at www.rpxnow.com
-----Original Message-----
From: [email protected] [mailto:openid-specs-
[email protected]] On Behalf Of Eran Hammer-Lahav
Sent: Monday, May 24, 2010 7:01 PM
To: Dick Hardt
Cc: Joseph Smarr; OpenID Board (public); [email protected]
Subject: RE: [OpenID board] Why Connect?
> -----Original Message-----
> From: Dick Hardt [mailto:[email protected]]
> Sent: Monday, May 24, 2010 6:20 PM
> To: Eran Hammer-Lahav
> Cc: Allen Tom; David Recordon; Joseph Smarr; OpenID Board (public);
> [email protected]
> Subject: Re: [OpenID board] Why Connect?
>
>
> On 2010-05-24, at 6:08 PM, Eran Hammer-Lahav wrote:
>
> > The question is:
> >
> > Is the OIDF interested in taking the lead in building an
identity layer for
> OAuth 2.0?
> >
> > I'm willing to bet that if the answer is no, it will be the
beginning of the end
> for OpenID. OAuth 2.0 + identity will fully cover the OpenID 2.0
use cases in a
> cleaner, more secure way.
>
> OpenID Connect as currently envisioned misses many of the internet
identity
> use cases.
And covers most of the ones desired by those currently implementing
OpenID. For those using OpenID 2.0 today, this proposal offers a
full and significantly better replacement. This proposal is 100%
market-driven, which is not something I can say about OpenID now or
in the past. This proposal is driven by developers, providers, and
end users.
> >
> > This is very much an issue of timing. If the problem is the
name, call it the
> "OAuth Identity Framework",
>
> OpenID Connect has very little to do with OpenID, and lots to do
with OAuth.
> That sounds like a better name.
True if you define OpenID as nothing but a protocol. But if that is
your definition, I think OpenID best days are behind it. People
don't care about protocols, they care about products. I think it
would be a mistake for the OpenID foundation to let OAuth take over
such a huge chunk of the current OpenID use cases.
> > leaving OpenID to be whatever the v.next WG decides it will be a
year or
> two from now.
>
> That sounds like a challenge I am will to take on. :)
Well, that's something the foundation will have to figure out. All I
can do is offer my perspective.
EHL
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
