Chris,

I want to start off by saying how horribly inappropriate it is to use the
OpenID specifications mailing list to peddle an authentication standard that
has absolutely nothing to do with OpenID.

I find it interesting that so many of the OAuth community have taken time
out of their busy schedules to tell me to "back off" on my extension to
OpenID.  Every single response to my specification has mentioned OAuth, and
all with a very defensive tone.  Only one or two responses have had any
constructive criticism about the actual content of the specification.

To MY defense, I didn't even know about OAuth until I was "reminded" of it
in response to my specification.  I have attempted to review the spec, but
am unable to locate it anywhere, even though I joined the Google Group, as
requested.

Due to the very public negative response from the OAuth folks, I am tempted
to remove myself from the group as a result.

As for consensus, I simply don't care.  This was an exercise to allow OpenID
to fill the needs of a specific use case.  I believe it is extremely simple
to implement, and is reasonably secure.  If the OpenID folks decide to adopt
it, I will be very happy.  If not, I will still be happy.

I am passionate about OpenID.  I feel that if I want it succeed, I should
work to extend it, and I should have the freedom to do so.

Thank you,

John Ehn

On 8/29/07, Chris Messina <[EMAIL PROTECTED]> wrote:
>
> Hi John,
>
> Looks like there's some consensus around OAuth... ;)
>
> I helped to get OAuth off the ground to solve the very problem that
> you're looking to solve -- in our case, enabling Ma.gnolia OpenID
> users to use Dashboard Widgets and Twitter API users to authenticate
> their apps, eventually using OpenID.
>
> While I appreciate your work on an OpenID-specific extension, I think
> there's some legitimacy in looking at a solution that works generally
> regardless of the authentication mechanism. By decoupling OpenID and
> OAuth, the goal was to make it easier to adopt OAuth first and then
> lead into adopting OpenID.
>
> In the case of your spec, which seems like a good piece of work,
> there'd be no sense in supporting the extension without supporting
> OpenID and as such, has limited benefit in the wild for implementors.
> With OAuth, if we're able to get folks like AOL, Google, Yahoo and
> others to support it, the amount of effort necessary to support all of
> them becomes the same amount of work to support one.
>
> Anyway, I'm glad to see you on the OAuth list. Feel free to poke
> around; we're looking to put out a 0.9 Draft and have it implemented
> over the course of September in libraries and then release finally a
> 1.0 Oct 1.
>
> Cheers,
>
> Chris
>
> On 8/27/07, David Fuelling <[EMAIL PROTECTED]> wrote:
> > John,
> >
> > Have a look at OAuth
> > (http://groups.google.com/group/oauth).  I think it's
> > currently a private google group, but it seems like you've given a lot
> of
> > thought to this type of thing, so I'm sure the group owners would
> welcome
> > your input.  There's a lot of activity going on over there.
> >
> > David
> >
> >
> > On 8/26/07, John Ehn <[EMAIL PROTECTED]> wrote:
> > >
> > > I have created a draft of a new specification that I think will help
> to
> > fill a gap in OpenID functionality.
> > >
> > > What appears to be a newer productivity feature of many websites is
> the
> > ability to import and utilize information from other sites.  For
> instance,
> > Basecamp provides an API that allows other systems to access user data.
> > This is a great feature, but it currently cannot be done with OpenID,
> due to
> > the dependence on end-user interaction during the authentication
> process.
> > >
> > > The Trusted Authentication Extension provides for the ability for an
> > OpenID Consumer to log in to another OpenID Consumer without user
> > interaction.  The end user will be able to create a trusted connection
> > between two OpenID enabled sites, which will allow a client site to
> access a
> > destination site using the end user's Identity.
> > >
> > > Please provide your comments and feedback, as they are most
> appreciated.
> > >
> > > http://extremeswank.com/openid_trusted_auth.html
> > >
> > > Thank you,
> > >
> > > John Ehn
> > > [EMAIL PROTECTED]
> > >
> > > _______________________________________________
> > > specs mailing list
> > > specs@openid.net
> > > http://openid.net/mailman/listinfo/specs
> > >
> > >
> >
> >
> > _______________________________________________
> > specs mailing list
> > specs@openid.net
> > http://openid.net/mailman/listinfo/specs
> >
> >
>
>
> --
> Chris Messina
> Citizen Provocateur &
>   Open Source Advocate-at-Large
> Work: http://citizenagency.com
> Blog: http://factoryjoe.com/blog
> Cell: 412 225-1051
> Skype: factoryjoe
> This email is:   [ ] bloggable    [X] ask first   [ ] private
>
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to