OAuth standardizes an existing design pattern that had numerous proprietary implementations. Of course it will get "adopted" -- the design pattern is already implemented. People implement OAuth because they want to get access to APIs at a resource. Sure, some of those APIs provide identity data, but it is NOT a distributed identity system.
OAuth 2.0 (aka WRAP) simplifies OAuth so that it is much simpler. OAuth 2.0 does NOT solve the problems that OpenID was trying to solve. It is NOT a distributed identity system. If you can make discovery work for OAuth, then you can make it work for OpenID. OAuth implementations today do NOT have discovery. -- Dick On 2010-06-04, at 11:14 PM, Luke Shepard wrote: > We have complained for years in the OpenID community that we don't see enough > adoption. That we don't have a great mobile story. That the spec is too > complicated. That relying parties can't get the attributes they want. The > fact is that most of the major identity providers have adopted or are > planning to adopt OAuth 2.0 largely because it solves many of those problems. > > I believe in OpenID. I believe in the concept of a decentralized identity. I > think the OpenID Foundation, by bringing together myriad companies and > individuals, is in a unique position to really help bring cohesive, > standardized technology - but only if it responds to the realities of the > marketplace. > > My main goal is to see the next generation of identity technology built. A > secondary goal is that it is built within the OpenID Foundation. I don't know > what the technology will look like exactly - both Nat's and David's proposals > have merit. I think the best way to figure out the tech is to implement it, > experiment, and try it out in production. I think the wrong way to make it > happen is to bicker over the exact wording of the working group before it's > even started. > > As Allen said, this work will happen - must happen. The main question to the > OpenID Foundation is whether it wants to encourage innovation or drift into > irrelevance. > > On Jun 4, 2010, at 10:08 PM, Dick Hardt wrote: > >> Hi Allen >> >> Thanks for the response. My point in this email is that at the end of the >> meeting, it was agreed that Connect was not going to be done in the OIDF, >> which means the WG proposal would be withdrawn. With you and David agreeing >> on the specs council call that Connect should be a WG, that goes counter to >> what we had concluded at the meeting. >> >> Note that I was not the one to suggest that Connect was not going to be in >> the OIDF, but since that was what everyone had agreed to, there was no point >> in talking about how it would be done in the OIDF. >> >> -- Dick >> >> >> On 2010-06-04, at 8:58 PM, Allen Tom wrote: >> >>> >>> Hi Dick, >>> >>> Although I might not have expressed this as strongly as I should have last >>> Friday, I believe that we should be working on an identity layer for OAuth2 >>> within the OIDF. >>> >>> Yahoo will definitely be implementing this, and I would expect that all >>> other OAuth SPs to do the same. It would definitely simplify things if we >>> could have a single standard interface that can do everything that OpenID >>> 2.0 +AX+Hybrid can do today, and also be extensible to be used for future >>> services and even for OP specific proprietary APIs as well. >>> >>> I expect that an OAuth based identity layer would be widely implemented and >>> far more widely used than OpenID, making OpenID largely irrelevant. >>> Therefore, I think it's in the OIDFs best interest to back this imitative. >>> >>> However, on Friday, I did get the impression that there is not sufficent >>> consensus to move forward. If that's still the case, then there's no point >>> forcing the issue. The work is going to get done either way. >>> >>> Hope that clarifies things >>> Allen >>> >>> >>> On Jun 4, 2010, at 7:24 PM, Dick Hardt <[email protected]> wrote: >>> >>>> David, Chris, Joseph, Allen >>>> >>>> When we met last Friday to discuss how Connect and v.Next would work >>>> together, the four of you had agreed that it would be best doing the >>>> Connect work outside the OIDF. I had come to the meeting to talk about how >>>> we would merge or align the efforts, but since there was consensus to do >>>> it outside, we did not discuss. >>>> >>>> From actions I have seen today, it seems that there has been a change >>>> since then and that you are planning on working on Connect per the >>>> original charter. As emailed separately, I have concerns with the charter >>>> as drafted. >>>> >>>> I am very disappointed that I learn about your change in mind by seeing >>>> postings on public mailing lists. >>>> >>>> WTF? >>>> >>>> -- Dick >> >> _______________________________________________ >> board mailing list >> [email protected] >> http://lists.openid.net/mailman/listinfo/openid-board > > > _______________________________________________ > board mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-board _______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
