W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: the openid para

From: Jeff Sayre <jeff@sayremedia.com>
Date: Thu, 28 Apr 2011 08:34:11 -0700
Message-ID: <4e28f9eee626613be2cf5991179879d5.squirrel@webmail.sayremedia.com>
To: public-xg-webid@w3.org
The issue of being more inclusive and less confrontational regarding
OpenID was brought up last week. Believe it or not, the section on OpenID
that is now in the position paper is the rewritten, more friendly version!

As Henry points out, with a limited amount of space (and limited amount of
time), it is not easy to get every detail right.

Of course, it is important that we clearly differentiate the differences
between OpenID and WebID. Although the section could perhaps be less
assertive about them, I think it is crucial that people clearly understand
them. There are a number of additional advantages that WebID offers
compared to OpenID. We chose to leave them out due to space limitations
and not wanting to seem negative about OpenID.

I do no think we are snubbing our noses at the wonderful technological
progress that the OpenID community brought to the identity issue. We are
acknowledging OpenID and then saying that WebID is the next generation.

I suppose we could alter the paragraph, but I'm not too sure whether we
can officially resubmit past the deadline. Even if we can, does it make
that big of a difference? Our oral presentation can better build the
bridge between OpenID and WebID in a manner that gives OpenID its proper
respect.

> On 28 April 2011 04:50, peter williams <home_pw@msn.com> wrote:
>>
>> "OpenID reduces the account multiplication issue by allowing users to
>> login
>> to every site using the same global identifier. This provides a base
>> from
>> which WebId can be deployed, procuring the following extra advantages:
>> Protocol simplicity: the WebID protocol is a lot simpler, requiring only
>> one
>> more connection over and above the connection to the requested resource,
>> where the result is cacheable. OpenID requires seven TLS connections,
>> significantly more than WebID. These additional steps create
>> opportunities
>> for denial of service attacks, making it more difficult to secure and to
>> debug."
>>
>> I think we are still learning to make effective pitches. The above, for
>> example, now submitted, sounds somewhat catty. If my sales team used
>> that
>> tone about our competition, Id consider him jaded and time for
>> retirement.
>
> I have to agree. I have nothing but admiration for the technical
> progress of this work, but I do find the messaging re OpenID over the
> years has been needlessly (and perhaps unintentionally)
> confrontational. Last thing we need is a retread of the unfortunate
> tribalism that was 'microformats versus Upper Case Semantic Web'.
> WebID stands on its strengths. And in some cases, being able to fall
> back to OpenID (eg. from the certless cybercafe PC scenario) is more
> appealing than messing around using a password to install (and then
> remove) a transient WebID cert on an uknown PC.
>
> [...]
>
>> Now, that's too wordy. But, look at the difference in tone. One carps
>> about
>> the competitions most negative points. If I was an openid author, Id be
>> showing no love for webid, at this point (simply because of the tone,
>> taken). The other notes the differences in design schools, arguing our
>> case
>> for eliminating certain openid flows. In doing so, we happen to also
>> indicate the limits of webid, so it's harder to portray our work as
>> something that simply has done insufficient analysis of the
>> requirements.
>
> Yes. A lot of people are enthusiastic about the general ideas behind
> OpenID, but pretty agnostic about the technical details. Others are
> frustrated by the slow adoption%2
Received on Thursday, 28 April 2011 15:34:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC