On Jun 4, 2006, at 16:16, John Merrells wrote:
> Not thinking through all the issues leads to solutions that can't be
> built upon. Note that OpenID can move an 'identifier claim'... but
> can't move other claims... because it wasn't part of the design
> requirements.

Sure you don't mean to imply that nobody can build on OpenID? Today,
there are working and deployed OpenID-enabled identity providers that do
- VCard data exchange
- social network data exchange
- registration data exchange
- authenticated messaging
and there are a number in the labs that add a fairly impressive set of
other capabilities ranging from location-based services to social
media and e-commerce enablement. (And that's just the ones I know
about.)
On top of OpenID, no problem whatsoever.
You are entirely right that OpenID's initial requirements were only
about proving that a browser session was owned by somebody who had
control over a certain URL. However, in conjunction with the Yadis
discovery and composition framework, it has become a very
"composable" piece of technology since last fall; for example, at
NetMesh we are running all LID services on top of OpenID
authentication just as well as on top of LID's original GPG-based
authentication. A number of other companies have built on top as well
with new services that meet their customers' needs.
Let's not mistake orthogonality for limitation when looking at designs.
I don't want to take this thread off subject from "WARP - Web
Authentication Resistant to Phishing" -- I just thought I needed to put
the record straight here.
Johannes Ernst
NetMesh Inc.

http://netmesh.info/jernst