My 2-cents (and more RP perspective coming soon from me):
While I totally understand the desire to forge ahead and do something
amazing with "Connect" or "v.Next" -- I don't think we necessarily
want to loose all backwards compatibility, getting RPs to upgrade to
new, incompatible specs is a battle that would require a very large
number of resources, resources the OIDF just doesn't have.
-Jonathan
On May 25, 2010, at 8:48 PM, Martin Atkins wrote:
On 05/25/2010 01:56 PM, Allen Tom wrote:
Hi All,
A better way to look at OpenID Connect is to just think of it as
revised
version of the OpenID Hybrid. The purpose of the Hybrid WG was to
find a way
to combine OpenID Authentication with the approval of an Oauth
access token
into a single request/response.
"OpenID Connect" isn't actually compatible with OpenID at anything
but the highest conceptual level.
Renaming the OpenID Connect WG to be the OpenID Hybrid v2 WG could
possibly
clarify the goals of the WG, and reduce confusion within the
community.
Afterall - Hybrid is intended for the case where the user's IdP is
also the
SP, so the Connect proposal is really a revised Hybrid proposal,
rather than
a proposal for OpenID v.Next
I think this would only make sense if the resulting protocol were
functionally equivalent to OpenID. That is to say that I can
implement it against my existing OpenID infrastructure without doing
data migrations, changing my UI, etc.
I think the most important deviation in OpenID Connect is that the
identifier is no longer expected to be human-readable; while I
completely agree that this is the right design if we're starting
over from a clean slate, that's a breaking change for most existing
consumer implementations that link to the identifier as the user's
"home page" or "profile page".
I still think this thing should be branded with a stronger OAuth
connotation than an OpenID connotation, since it's far closer to
OAuth than it is to OpenID. I didn't really like the OpenID Connect
name, but at least it made it sound like this was something new and
different; calling it OpenID/OAuth Hybrid makes it sound a lot more
like a different implementation of the same thing than the radical
rethink that OpenID Connect actually represents.
That's my two cents, at least.
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
