- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sun, 27 Mar 2022 17:13:29 -0400
- To: public-credentials@w3.org

On 3/25/22 11:33 AM, Mike Jones wrote:
> Rather than encouraging centralization, OpenID Connect was explicitly
> designed to give people choice of their identity providers (including being
> able to be their own identity provider – which is true of both SIOP v1 and
> SIOP v2).

Yet, the vast majority of us that are exposed to OIDC-based social login have no such choice (for the reasons elaborated on in this thread). It's been argued in this thread that this isn't the fault of the protocol, but that's being challenged.

There ARE things that OIDC4V* could do differently at a protocol level to greatly reduce these centralization forces... but the first step in that is to accept that these centralization forces exist.

> That some RPs didn't facilitate that choice enabled by OpenID Connect
> isn't a valid reason to criticize either the OpenID Connect protocol or
> the community behind it.

It is a valid criticism of the protocol.

We should also not mistake criticisms of protocols to be personal attacks against any individual. There are no sacred cows here -- we need to call out failings of previous protocols and acknowledge those mistakes if we are to actually solve these problems. Especially if we see the same mistakes being made again.

We, also, need to call out failings in CCG protocols and work in order to be intellectually honest about what we are and are not solving for. CHAPI, VC API, and VPR have issues as well, ones that have mitigations, and perhaps it'll behoove us to review them again, because it's clear at this point that there are people that are new to this conversation that could probably benefit from a review.

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Sunday, 27 March 2022 21:13:45 UTC