W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

RE: the openid para

From: peter williams <home_pw@msn.com>
Date: Thu, 28 Apr 2011 08:53:31 -0700
Message-ID: <SNT143-ds16D231592A54673AD8451E929B0@phx.gbl>
To: <jeff@sayremedia.com>, <public-xg-webid@w3.org>
I begged for a rewriting on that particular point, and you guys did it.
Thanks. I don't have much reputation to preserve in openid-land, but what
there is was not disaparaged. I can go there, still stare at the floor, but
at least I can be in the room.

Despite the toning down, the underlying orientation of the group still came
through - wanting to define webid in terms of the "original sin" of foaf not
being adopted by the openid community (per some founder ideas, apparently).
Folks have not moved on. The original sin has become a prayer; and an
institutionalized ceremony to remind the faithful. Anyone in the know can
hear the refrain. I hear it, and so do others.

We don't want a new submission. We have to live with our flaws, once made.
We lost a grade because of tone. What we can do is re-set the tone, for the
next paper and the oral work at the id conference (if these authors are
invited). The latter is obviously a (friendly) negotiation forum, and I'll
bet 80% of the acceptance criteria are about detecting whether there is a
negotiation attitude - so the result allows the whole browser group to focus
100% on adoption of several modern id mgt solutions (and not just repeat the
technology rants about evil ISO X.509, drivel on about Passport, or relive
OASIS/W3C conflicts about enterprise-centric web dating back a decade).






-----Original Message-----
From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org]
On Behalf Of Jeff Sayre
Sent: Thursday, April 28, 2011 8:34 AM
To: public-xg-webid@w3.org
Subject: Re: the openid para

The issue of being more inclusive and less confrontational regarding OpenID
was brought up last week. Believe it or not, the section on OpenID that is
now in the position paper is the rewritten, more friendly version!

As Henry points out, with a limited amount of space (and limited amount of
time), it is not easy to get every detail right.

Of course, it is important that we clearly differentiate the differences
between OpenID and WebID. Although the section could perhaps be less
assertive about them, I think it is crucial that people clearly understand
them. There are a number of additional advantages that WebID offers compared
to OpenID. We chose to leave them out due to space limitations and not
wanting to seem negative about OpenID.

I do no think we are snubbing our noses at the wonderful technological
progress that the OpenID community brought to the identity issue. We are
acknowledging OpenID and then saying that WebID is the next generation.

I suppose we could alter the paragraph, but I'm not too sure whether we can
officially resubmit past the deadline. Even if we can, does it make that big
of a difference? Our oral presentation can better build the bridge between
OpenID and WebID in a manner that gives OpenID its proper respect.

> On 28 April 2011 04:50, peter williams <home_pw@msn.com> wrote:
>>
>> "OpenID reduces the account multiplication issue by allowing users to 
>> login to every site using the same global identifier. This provides a 
>> base from which WebId can be deployed, procuring the following extra 
>> advantages:
>> Protocol simplicity: the WebID protocol is a lot simpler, requiring 
>> only one more connection over and above the connection to the 
>> requested resource, where the result is cacheable. OpenID requires 
>> seven TLS connections, significantly more than WebID. These 
>> additional steps create opportunities for denial of service attacks, 
>> making it more difficult to secure and to debug."
>>
>> I think we are still learning to make effective pitches. The above, 
>> for example, now submitted, sounds somewhat catty. If my sales team 
>> used that tone about our competition, Id consider him jaded and time 
>> for retirement.
>
> I have to agree. I have nothing but admiration for the technical 
> progress of this work, but I do find the messaging re OpenID over the 
> years has been needlessly (and perhaps unintentionally) 
> confrontational. Last thing we need is a retread of the unfortunate 
> tribalism that was 'microformats versus Upper Case Semantic Web'.
> WebID stands on its strengths. And in some cases, being able to fall 
> back to OpenID (eg. from the certless cybercafe PC scenario) is more 
> appealing than messing around using a password to install (and then
> remove) a transient WebID cert on an uknown PC.
>
> [...]
>
>> Now, that's too wordy. But, look at the difference in tone. One carps 
>> about the competitions most negative points. If I was an openid 
>> author, Id be showing no love for webid, at this point (simply 
>> because of the tone, taken). The other notes the differences in 
>> design schools, arguing our case for eliminating certain openid 
>> flows. In doing so, we happen to also indicate the limits of webid, 
>> so it's harder to portray our work as something that simply has done 
>> insufficient analysis of the requirements.
>
> Yes. A lot of people are enthusiastic about the general ideas behind 
> OpenID, but pretty agnostic about the technical details. Others are 
> frustrated by the slow adoption%2
Received on Thursday, 28 April 2011 15:53:58 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC