On Wed, May 26, 2010 at 4:31 PM, Eran Hammer-Lahav <[email protected]> wrote: > > >> -----Original Message----- >> From: Dan Brickley [mailto:[email protected]] >> Sent: Wednesday, May 26, 2010 2:13 AM >> To: Eran Hammer-Lahav >> Cc: [email protected] >> Subject: Re: OpenID Hybrid v2 Proposal (formerly known OpenID Connect) >> >> On Wed, May 26, 2010 at 10:22 AM, Eran Hammer-Lahav >> <[email protected]> wrote: >> > Discussing the name is a distraction. The issue is whether the OpenID >> foundation wants to be where identity work is done, or where the OpenID >> protocol (and nothing else) is done. Again, the question is very simple: >> OAuth >> is going to have an identity layer (that's a done deal) - do you want to work >> on it here under the OpenID foundation or not? >> >> >> It's not that entirely that simple. There are apparently other (different but >> with some commonality?) ideas for a next phase of OpenID activity, the >> v.Next stuff. So the Foundation also needs to decide whether to do both in >> parallel and let 'the market' decide, whether to map out some >> dependencies, shared technology components or even try for a common >> design, or whether to say "thanks but no thanks" >> to one of the proposals. It also needs to decide how much of that deciding to >> do up front (in the board) versus in chartered working group(s). >> >> Framing this bluntly as a 'take it or leave it' ultimatum looks (to a >> relative >> outsider) a little brutal, but I say that cautiously as I've not been party >> to any >> of the backstory or detailed debates. > > Reality is that simple. What to do about it might not be, but it's not like > there is a new flow of information coming. It's nice to want coherence in the > marketplace but that's not going to happen. There are going to be competing > solutions and there are going to be critics of each. At the end the market is > the only place where a decision between these two solutions can happen. >
OK, let's look at what they have in common, if anything, from a user's perspective. Do both allow users to be identified via http: URIs such as http://danbri.example.com/ ? Do both allow users to be identified via email-shaped URIs? [email protected] (URI-ified as acct:[email protected] or similar) Do both allow users to based such URIs on domains they own/control, while allowing the heavy-lifting to be done by implementations hosted/run by (easily swappable - eg. homepage markup) external providers? Is there some consistent story that can be put together for users while 'the marketplace' figures out the ugly under-the-cover details? Dan _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
