Re: [OpenID board] Why Connect?

*interesting* is an interesting choice of words to describe the debate -- it is a little embarrassing. As with any community, there are a number of undertones that will not be obvious to those not familiar with the players.


Dan: I appreciated your email to the list about how the discussion looks to the outside, thanks!


-- Dick

On 2010-05-25, at 2:11 AM, Dan Brickley wrote:

> There is an interesting debate going on in the openid-specs mailing
> list, regarding future paths for "OpenID" (as brand, and as
> technology), including its relationship with OAuth. See below for a
> sampler, and some perspective on what those looking to OpenID are
> hoping to get from it.
> 
> Dan
> 
> 
> ---------- Forwarded message ----------
> From: Brian Kissel <bkissel@janrain.com>
> Date: Tue, May 25, 2010 at 7:04 AM
> Subject: RE: [OpenID board] Why Connect?
> To: Eran Hammer-Lahav <eran@hueniverse.com>, Dick Hardt
> <dick.hardt@gmail.com>, Nat Sakimura <sakimura@gmail.com>
> Cc: openid-specs@lists.openid.net, Joseph Smarr <jsmarr@google.com>,
> Robert Harles <rharles@searshc.com>, "OpenID Board (public)"
> <board@lists.openid.net>, Daniel Jacobson <DJacobson@npr.org>,
> fronsms@nytimes.com
> 
> 
> I won't purport to know the answer to some of the tough questions
> we're wrestling with here, but do agree with Eran that whatever we do
> should be "market driven."  To that end, what I'd really like to hear
> is from existing and prospective RPs who are following this list.
> We’ve had plenty of input from OPs and technologists.  If we don't
> have enough input from RPs on this list, how do we get it?  I’ve seen
> a post or two on this thread recently saying that we’ve evolved beyond
> the point where a few folks can say “we know what’s best for the
> market” and others will follow.  I agree with that sentiment, we need
> broader involvement and feedback, not necessarily on the
> specifications, but on the MRDs and PRDs that should be the precursors
> to our specifications work.
> 
> 
> 
> I spoke with Daniel Jacobson of NPR today who is the chairman of the
> Adoption Committee, and a prospective RP, and asked him to provide his
> input to this discussion – which he will be doing shortly.  I've also
> asked Rob Harles of Sears and Marc Frons of the NY Times, both OIDF
> board members, to provide input. At Janrain we're talking to existing
> and prospective RPs every day.  While each have some unique
> requirements, many have similar objectives and concerns.  Here's my
> take so far, but would really like to hear from other existing and
> prospective RPs across a range of applications: social web,
> enterprise, ecommerce, government, news & media, etc.
> 
> 
> 
> ·         They want something that is backward and forward compatible
> if possible.  Ripping and replacing core technologies is painful.  If
> we’re going to make changes that break backwards compatibility (which
> it sounds like both OpenID V.Next and OpenID Connect have the
> potential of doing), let’s make sure that the new platform is
> extensible enough to support future expected use cases and expanded
> functionality – richer industry/application specific data, security
> enhancements, commerce enhancements, reputation management, multiple
> platforms (PC, mobile, game consoles, etc.)  If we do end up having to
> break backward compatibility, let’s make sure we have a clear and
> consistent migration path that’s as seamless as possible for existing
> RPs.  This doesn’t mean that the baseline lowest common denominator
> platform should be complex and difficult to deploy (to the contrary),
> but it should support extensions and enhancements that enable broader
> used cases than the lowest common denominator.
> 
> ·         They want a clear message on how all the related
> technologies can and should work together: OpenID, OAuth, SREG, AX,
> Portable Contacts, Activity Streams, Open Social, Artifact Binding,
> Contract Exchange, Discovery, UX Extension, etc. – both functionality
> and timing (roadmap).
> 
> ·         They want something that is easy to deploy and maintain, and
> intuitive and compelling for end users.  They can accept that for
> advanced features, additional effort and complexity will likely be
> involved.
> 
> ·         They would like to see OPs behave in a consistent and
> predictable way as they evolve and enhance their services.  If OPs
> behave erratically and without clear and timely communications, it’s
> harder to buy into the ecosystem.
> 
> 
> 
> I hope I’ve accurately captured some of the feedback we’ve been
> hearing and if not I trust that the RPs that are monitoring this list
> will provide their feedback and recommendations.
> 
> 
> 
> I’d encourage each of us who is monitoring this list to invite more
> RPs (existing and prospective) to the discussion.
> 
> 
> 
> Cheers,
> 
> Brian
> 
> ___________
> 
> 
> 
> Brian Kissel
> 
> CEO - JanRain, Inc.
> 
> bkissel@janrain.com
> 
> Mobile: 503.342.2668 | Fax: 503.296.5502
> 
> 519 SW 3rd Ave. Suite 600  Portland, OR 97204
> 
> 
> 
> Increase registrations, engage users, and grow your brand with RPX.
> Learn more at www.rpxnow.com
> 
> 
> 
> -----Original Message-----
> From: openid-specs-bounces@lists.openid.net
> [mailto:openid-specs-bounces@lists.openid.net] On Behalf Of Eran
> Hammer-Lahav
> Sent: Monday, May 24, 2010 7:01 PM
> To: Dick Hardt
> Cc: Joseph Smarr; OpenID Board (public); openid-specs@lists.openid.net
> Subject: RE: [OpenID board] Why Connect?
> 
> 
> 
> 
> 
> 
> 
>> -----Original Message-----
> 
>> From: Dick Hardt [mailto:dick.hardt@gmail.com]
> 
>> Sent: Monday, May 24, 2010 6:20 PM
> 
>> To: Eran Hammer-Lahav
> 
>> Cc: Allen Tom; David Recordon; Joseph Smarr; OpenID Board (public);
> 
>> openid-specs@lists.openid.net
> 
>> Subject: Re: [OpenID board] Why Connect?
> 
>> 
> 
>> 
> 
>> On 2010-05-24, at 6:08 PM, Eran Hammer-Lahav wrote:
> 
>> 
> 
>>> The question is:
> 
>>> 
> 
>>> Is the OIDF interested in taking the lead in building an identity layer for
> 
>> OAuth 2.0?
> 
>>> 
> 
>>> I'm willing to bet that if the answer is no, it will be the beginning of the end
> 
>> for OpenID. OAuth 2.0 + identity will fully cover the OpenID 2.0 use cases in a
> 
>> cleaner, more secure way.
> 
>> 
> 
>> OpenID Connect as currently envisioned misses many of the internet identity
> 
>> use cases.
> 
> 
> 
> And covers most of the ones desired by those currently implementing
> OpenID. For those using OpenID 2.0 today, this proposal offers a full
> and significantly better replacement. This proposal is 100%
> market-driven, which is not something I can say about OpenID now or in
> the past. This proposal is driven by developers, providers, and end
> users.
> 
> 
> 
>>> 
> 
>>> This is very much an issue of timing. If the problem is the name, call it the
> 
>> "OAuth Identity Framework",
> 
>> 
> 
>> OpenID Connect has very little to do with OpenID, and lots to do with OAuth.
> 
>> That sounds like a better name.
> 
> 
> 
> True if you define OpenID as nothing but a protocol. But if that is
> your definition, I think OpenID best days are behind it. People don't
> care about protocols, they care about products. I think it would be a
> mistake for the OpenID foundation to let OAuth take over such a huge
> chunk of the current OpenID use cases.
> 
> 
> 
>>> leaving OpenID to be whatever the v.next WG decides it will be a year or
> 
>> two from now.
> 
>> 
> 
>> That sounds like a challenge I am will to take on. :)
> 
> 
> 
> Well, that's something the foundation will have to figure out. All I
> can do is offer my perspective.
> 
> 
> 
> EHL
> 
> _______________________________________________
> 
> specs mailing list
> 
> specs@lists.openid.net
> 
> http://lists.openid.net/mailman/listinfo/openid-specs
> 
> _______________________________________________
> specs mailing list
> specs@lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>

Received on Tuesday, 25 May 2010 13:55:12 UTC