Agreed. http://openidconnect.com/#associations
On Tue, May 25, 2010 at 11:11 AM, Monroe, Grant <[email protected]> wrote: > As long as the technology supports dynamic associations, and > preregistration isn't the status quo for authentication, I'll be > happy. I think that these basic facts have allowed OpenID to be even > remotely successful. > -- Grant > > On Tue, May 25, 2010 at 10:00 AM, David Recordon <[email protected]> > wrote: > > Grant, I don't disagree with you. I have however seen this sort of > > whitelisting requirement from both the provider (i.e. AOL initially) and > > consumer (i.e. Federal Government) sides. OpenID 1.0 and 2.0 allowed them > to > > do this. As Eran said, it's really not about the technology but rather > > trust, liability, and policy. I also believe that most large providers > will > > support dynamic associations for accessing at least basic information and > > others will not have any form of preregistration at all. > > --David > > > > On Tue, May 25, 2010 at 10:35 AM, Eran Hammer-Lahav <[email protected] > > > > wrote: > >> > >> It isn't much different from white listing providers, or using buttons > >> instead of an input box as is common today. Reality is that until we > solve > >> the legal issues around trust and liability, the technical solution > doesn't > >> matter. Standard machine readable TOS is just the first step. Figuring > out > >> the issue of liability is a much bigger issue which is key to any > meaningful > >> OpenID adoption. > >> > >> I view the OpenID Connect proposal as a to-do list for the OAuth > community > >> to fill in the missing pieces. For example, OAuth needs to support > endpoint > >> discovery, unregistered clients, basic immediate mode and username > support, > >> and request and response signatures with either symmetric or asymmetric > >> secrets. These are all *OAuth* elements that should be standardized by > the > >> OAuth community in the IETF. > >> > >> However, putting these components together for a coherent identity > >> framework is what I expect from the OpenID community. It will probably > mean > >> that the OpenID WG will need to work closely with the OAuth WG and > provide > >> feedback and requirements. But at the end, someone will need to write a > spec > >> that puts this all together and that should be the OpenID foundation, > even > >> if this spec is not much more than glue. > >> > >> EHL > >> > >> > -----Original Message----- > >> > From: [email protected] [mailto:openid-specs- > >> > [email protected]] On Behalf Of Monroe, Grant > >> > Sent: Tuesday, May 25, 2010 5:36 AM > >> > To: David Recordon > >> > Cc: Joseph Smarr; OpenID Board (public); > [email protected] > >> > Subject: Re: Why Connect? > >> > > >> > > Eran Hammer-Lahav (with a +1 from Chuck Mortimore): > >> > >> > >> > >> My guess is that an OAuth identity layer will not be a good thing > for > >> > >> OpenID adoption. OAuth providers will get it for free. > >> > > >> > You know what's not good for adoption? Having to go to 20 different > >> > developer portals. Trying to figure out how to create an OAuth > >> > application in > >> > 20 different ways. Verifying your domain in 20 different ways. > Agreeing > >> > to 20 > >> > different terms of service. > >> > > >> > I know that the OpenID Connect proposal mentions an association step, > >> > but > >> > if all the major providers wind up requiring preregistration, it is a > >> > moot point. > >> > My gut is that using OAuth as the base will be very good for a few > >> > players, > >> > and bad for identity on the whole. > >> > > >> > -- > >> > Grant Monroe > >> > JanRain, Inc. > >> > _______________________________________________ > >> > specs mailing list > >> > [email protected] > >> > http://lists.openid.net/mailman/listinfo/openid-specs > >> _______________________________________________ > >> specs mailing list > >> [email protected] > >> http://lists.openid.net/mailman/listinfo/openid-specs > > > > >
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
