On Sat, Jun 5, 2010 at 9:18 PM, Santosh Rajan <[email protected]> wrote:
> Hi Chris, > > After reading your post below. I have a couple of questions. > > 1) Instead of calling, the next version of OpenID, as suggested by you > earlier "OpenID.Connect". Why don't we call it "OpenID.TWITFACE". That would > be more appropriate. Do you agree? > No, I don't agree. > 2) Who are you working for? If I remember correctly, you are currently > employed by Google? > I am employed by Google and thus I receive a paycheck from Google. However, I was elected to serve the OpenID Foundation board by the community for a two year term. My role on the board is as an advocate for the community and its interests. If I were put on the board to fill Google's seat, I would advocate for Google's position. I hope that members of the OpenID community have the ability to distinguish between both entities, and when I'm speaking at the behest of one or the other. If I can keep these two sets of interests separate — sometimes aligned, sometimes not — I hope others can as well. Chris > > > > On Sat, Jun 5, 2010 at 11:17 PM, Chris Messina <[email protected]>wrote: > >> On Sat, Jun 5, 2010 at 7:35 AM, Dick Hardt <[email protected]> wrote: >> >>> >>> OAuth 2.0 does NOT solve the problems that OpenID was trying to solve. It >>> is NOT a distributed identity system. If you can make discovery work for >>> OAuth, then you can make it work for OpenID. OAuth implementations today do >>> NOT have discovery. >>> >> >> Perhaps standards groups like the OpenID Foundation operate in a slightly >> different marketplace-twilight zone, but I'm curious how we define our >> customers — and how that definition should or shouldn't affect the work that >> gets done. >> >> For example, Luke — representing Facebook — is saying that there's not >> been sufficient adoption of OpenID over the past several years, and for the >> use cases that I've cared most about, I would agree with that assessment. It >> is not the case that OpenID hasn't been adopted — but that OpenID simply >> isn't the only game in town anymore, and that the market demand in the >> consumer space was unearthed and capitalized on by the likes of Facebook and >> Twitter, and NOT the many other OpenID providers. >> >> Facebook is saying that they want to work through the OpenID Foundation to >> help develop a technology solution that is more like what the market has >> already adopted — but that adds in discovery to aid in decentralizing >> identity, at least in a very primitive way (hence the Connect proposal). >> >> Dick, you seem to be saying that OAuth is not a distributed identity >> system, but that if discovery were defined for it (along with >> auto-registration of clients), then it would be useful as a distributed >> identity technology. Am I getting that right? >> >> I think the divide here comes down to whether the OIDF should be focused >> on what the market demands and is willing to adopt *today*, or instead on >> the set of technologies that may enable distributed identity solutions >> *tomorrow*. >> >> My fear — which has been consistent — is that if we don't respond to the >> market's desires today (represented by Facebook, Yahoo, and other's >> comments) then we won't be part of the conversation when potential adopters >> are looking for better solutions tomorrow. >> >> So, if we spin out the Connect proposal — or cause it so much friction >> that it can't effectively proceed here — then by the time the ill-named >> v.Next proposal is completed (with all of the "necessary" use cases >> addressed), the world may have moved on, and the Foundation proven >> irrelevant. I don't see it as an all-or-nothing situation, but as others >> have said, there will be an identity piece baked into OAuth sooner than >> later, and if that work doesn't happen within the OIDF, we're going to be >> pitching a product that no one has really said that they want, or are >> currently signing up to implement, based on the lack of clarity in the >> description of v.Next today, whereas there are already working prototypes of >> the Connect proposal in the wild. >> >> There needs to be a bridge between OpenID 2.0 — which is a perfectly fine >> solution for many use cases today — and the next iterations of OpenID 2.x >> and beyond. >> >> Chris >> >> >>> -- Dick >>> >>> On 2010-06-04, at 11:14 PM, Luke Shepard wrote: >>> >>> > We have complained for years in the OpenID community that we don't see >>> enough adoption. That we don't have a great mobile story. That the spec is >>> too complicated. That relying parties can't get the attributes they want. >>> The fact is that most of the major identity providers have adopted or are >>> planning to adopt OAuth 2.0 largely because it solves many of those >>> problems. >>> > >>> > I believe in OpenID. I believe in the concept of a decentralized >>> identity. I think the OpenID Foundation, by bringing together myriad >>> companies and individuals, is in a unique position to really help bring >>> cohesive, standardized technology - but only if it responds to the realities >>> of the marketplace. >>> > >>> > My main goal is to see the next generation of identity technology >>> built. A secondary goal is that it is built within the OpenID Foundation. I >>> don't know what the technology will look like exactly - both Nat's and >>> David's proposals have merit. I think the best way to figure out the tech is >>> to implement it, experiment, and try it out in production. I think the wrong >>> way to make it happen is to bicker over the exact wording of the working >>> group before it's even started. >>> > >>> > As Allen said, this work will happen - must happen. The main question >>> to the OpenID Foundation is whether it wants to encourage innovation or >>> drift into irrelevance. >>> > >>> > On Jun 4, 2010, at 10:08 PM, Dick Hardt wrote: >>> > >>> >> Hi Allen >>> >> >>> >> Thanks for the response. My point in this email is that at the end of >>> the meeting, it was agreed that Connect was not going to be done in the >>> OIDF, which means the WG proposal would be withdrawn. With you and David >>> agreeing on the specs council call that Connect should be a WG, that goes >>> counter to what we had concluded at the meeting. >>> >> >>> >> Note that I was not the one to suggest that Connect was not going to >>> be in the OIDF, but since that was what everyone had agreed to, there was no >>> point in talking about how it would be done in the OIDF. >>> >> >>> >> -- Dick >>> >> >>> >> >>> >> On 2010-06-04, at 8:58 PM, Allen Tom wrote: >>> >> >>> >>> >>> >>> Hi Dick, >>> >>> >>> >>> Although I might not have expressed this as strongly as I should have >>> last Friday, I believe that we should be working on an identity layer for >>> OAuth2 within the OIDF. >>> >>> >>> >>> Yahoo will definitely be implementing this, and I would expect that >>> all other OAuth SPs to do the same. It would definitely simplify things if >>> we could have a single standard interface that can do everything that OpenID >>> 2.0 +AX+Hybrid can do today, and also be extensible to be used for future >>> services and even for OP specific proprietary APIs as well. >>> >>> >>> >>> I expect that an OAuth based identity layer would be widely >>> implemented and far more widely used than OpenID, making OpenID largely >>> irrelevant. Therefore, I think it's in the OIDFs best interest to back this >>> imitative. >>> >>> >>> >>> However, on Friday, I did get the impression that there is not >>> sufficent consensus to move forward. If that's still the case, then there's >>> no point forcing the issue. The work is going to get done either way. >>> >>> >>> >>> Hope that clarifies things >>> >>> Allen >>> >>> >>> >>> >>> >>> On Jun 4, 2010, at 7:24 PM, Dick Hardt <[email protected]> wrote: >>> >>> >>> >>>> David, Chris, Joseph, Allen >>> >>>> >>> >>>> When we met last Friday to discuss how Connect and v.Next would work >>> together, the four of you had agreed that it would be best doing the Connect >>> work outside the OIDF. I had come to the meeting to talk about how we would >>> merge or align the efforts, but since there was consensus to do it outside, >>> we did not discuss. >>> >>>> >>> >>>> From actions I have seen today, it seems that there has been a >>> change since then and that you are planning on working on Connect per the >>> original charter. As emailed separately, I have concerns with the charter as >>> drafted. >>> >>>> >>> >>>> I am very disappointed that I learn about your change in mind by >>> seeing postings on public mailing lists. >>> >>>> >>> >>>> WTF? >>> >>>> >>> >>>> -- Dick >>> >> >>> >> _______________________________________________ >>> >> board mailing list >>> >> [email protected] >>> >> http://lists.openid.net/mailman/listinfo/openid-board >>> > >>> > >>> > _______________________________________________ >>> > board mailing list >>> > [email protected] >>> > http://lists.openid.net/mailman/listinfo/openid-board >>> >>> _______________________________________________ >>> board mailing list >>> [email protected] >>> http://lists.openid.net/mailman/listinfo/openid-board >>> >> >> >> >> -- >> Chris Messina >> Open Web Advocate, Google >> >> Personal: http://factoryjoe.com >> Follow me on Buzz: http://buzz.google.com/chrismessina >> ...or Twitter: http://twitter.com/chrismessina >> >> This email is: [ ] shareable [X] ask first [ ] private >> >> _______________________________________________ >> board mailing list >> [email protected] >> http://lists.openid.net/mailman/listinfo/openid-board >> >> > > > -- > http://hi.im/santosh > > > > _______________________________________________ > board mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-board > > -- Chris Messina Open Web Advocate, Google Personal: http://factoryjoe.com Follow me on Buzz: http://buzz.google.com/chrismessina ...or Twitter: http://twitter.com/chrismessina This email is: [ ] shareable [X] ask first [ ] private
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
