Questions/answers inline On Sun, Jun 6, 2010 at 11:46 AM, Chris Messina <[email protected]>wrote:
> > On Sat, Jun 5, 2010 at 9:18 PM, Santosh Rajan <[email protected]> wrote: > >> Hi Chris, >> >> After reading your post below. I have a couple of questions. >> >> 1) Instead of calling, the next version of OpenID, as suggested by you >> earlier "OpenID.Connect". Why don't we call it "OpenID.TWITFACE". That would >> be more appropriate. Do you agree? >> > > No, I don't agree. > I am glad you don't agree. We are both in agreement on this one point. > > > >> 2) Who are you working for? If I remember correctly, you are currently >> employed by Google? >> > > I am employed by Google and thus I receive a paycheck from Google. > Great! Now that you are discussing your paycheck in public, What Good Have you done for Google? > > However, I was elected to serve the OpenID Foundation board by the > community for a two year term. > Right! So did those people who voted for you, know that you were going to join Google before those 2 years were up? No they didn't!. So don';t talk about this any more! > > My role on the board is as an advocate for the community and its interests. > If I were put on the board to fill Google's seat, I would advocate for > Google's position. I hope that members of the OpenID community have the > ability to distinguish between both entities, and when I'm speaking at the > behest of one or the other. > Do we have to take this kind of "neither here nor there nonsense anymore?" > > If I can keep these two sets of interests separate — sometimes aligned, > sometimes not — I hope others can as well. > Yeah right! "Your others have already gone into hiding!" > > Chris > > >> >> >> >> On Sat, Jun 5, 2010 at 11:17 PM, Chris Messina >> <[email protected]>wrote: >> >>> On Sat, Jun 5, 2010 at 7:35 AM, Dick Hardt <[email protected]> wrote: >>> >>>> >>>> OAuth 2.0 does NOT solve the problems that OpenID was trying to solve. >>>> It is NOT a distributed identity system. If you can make discovery work for >>>> OAuth, then you can make it work for OpenID. OAuth implementations today do >>>> NOT have discovery. >>>> >>> >>> Perhaps standards groups like the OpenID Foundation operate in a slightly >>> different marketplace-twilight zone, but I'm curious how we define our >>> customers — and how that definition should or shouldn't affect the work that >>> gets done. >>> >>> For example, Luke — representing Facebook — is saying that there's not >>> been sufficient adoption of OpenID over the past several years, and for the >>> use cases that I've cared most about, I would agree with that assessment. It >>> is not the case that OpenID hasn't been adopted — but that OpenID simply >>> isn't the only game in town anymore, and that the market demand in the >>> consumer space was unearthed and capitalized on by the likes of Facebook and >>> Twitter, and NOT the many other OpenID providers. >>> >>> Facebook is saying that they want to work through the OpenID Foundation >>> to help develop a technology solution that is more like what the market has >>> already adopted — but that adds in discovery to aid in decentralizing >>> identity, at least in a very primitive way (hence the Connect proposal). >>> >>> Dick, you seem to be saying that OAuth is not a distributed identity >>> system, but that if discovery were defined for it (along with >>> auto-registration of clients), then it would be useful as a distributed >>> identity technology. Am I getting that right? >>> >>> I think the divide here comes down to whether the OIDF should be focused >>> on what the market demands and is willing to adopt *today*, or instead on >>> the set of technologies that may enable distributed identity solutions >>> *tomorrow*. >>> >>> My fear — which has been consistent — is that if we don't respond to the >>> market's desires today (represented by Facebook, Yahoo, and other's >>> comments) then we won't be part of the conversation when potential adopters >>> are looking for better solutions tomorrow. >>> >>> So, if we spin out the Connect proposal — or cause it so much friction >>> that it can't effectively proceed here — then by the time the ill-named >>> v.Next proposal is completed (with all of the "necessary" use cases >>> addressed), the world may have moved on, and the Foundation proven >>> irrelevant. I don't see it as an all-or-nothing situation, but as others >>> have said, there will be an identity piece baked into OAuth sooner than >>> later, and if that work doesn't happen within the OIDF, we're going to be >>> pitching a product that no one has really said that they want, or are >>> currently signing up to implement, based on the lack of clarity in the >>> description of v.Next today, whereas there are already working prototypes of >>> the Connect proposal in the wild. >>> >>> There needs to be a bridge between OpenID 2.0 — which is a perfectly fine >>> solution for many use cases today — and the next iterations of OpenID 2.x >>> and beyond. >>> >>> Chris >>> >>> >>>> -- Dick >>>> >>>> On 2010-06-04, at 11:14 PM, Luke Shepard wrote: >>>> >>>> > We have complained for years in the OpenID community that we don't see >>>> enough adoption. That we don't have a great mobile story. That the spec is >>>> too complicated. That relying parties can't get the attributes they want. >>>> The fact is that most of the major identity providers have adopted or are >>>> planning to adopt OAuth 2.0 largely because it solves many of those >>>> problems. >>>> > >>>> > I believe in OpenID. I believe in the concept of a decentralized >>>> identity. I think the OpenID Foundation, by bringing together myriad >>>> companies and individuals, is in a unique position to really help bring >>>> cohesive, standardized technology - but only if it responds to the >>>> realities >>>> of the marketplace. >>>> > >>>> > My main goal is to see the next generation of identity technology >>>> built. A secondary goal is that it is built within the OpenID Foundation. I >>>> don't know what the technology will look like exactly - both Nat's and >>>> David's proposals have merit. I think the best way to figure out the tech >>>> is >>>> to implement it, experiment, and try it out in production. I think the >>>> wrong >>>> way to make it happen is to bicker over the exact wording of the working >>>> group before it's even started. >>>> > >>>> > As Allen said, this work will happen - must happen. The main question >>>> to the OpenID Foundation is whether it wants to encourage innovation or >>>> drift into irrelevance. >>>> > >>>> > On Jun 4, 2010, at 10:08 PM, Dick Hardt wrote: >>>> > >>>> >> Hi Allen >>>> >> >>>> >> Thanks for the response. My point in this email is that at the end of >>>> the meeting, it was agreed that Connect was not going to be done in the >>>> OIDF, which means the WG proposal would be withdrawn. With you and David >>>> agreeing on the specs council call that Connect should be a WG, that goes >>>> counter to what we had concluded at the meeting. >>>> >> >>>> >> Note that I was not the one to suggest that Connect was not going to >>>> be in the OIDF, but since that was what everyone had agreed to, there was >>>> no >>>> point in talking about how it would be done in the OIDF. >>>> >> >>>> >> -- Dick >>>> >> >>>> >> >>>> >> On 2010-06-04, at 8:58 PM, Allen Tom wrote: >>>> >> >>>> >>> >>>> >>> Hi Dick, >>>> >>> >>>> >>> Although I might not have expressed this as strongly as I should >>>> have last Friday, I believe that we should be working on an identity layer >>>> for OAuth2 within the OIDF. >>>> >>> >>>> >>> Yahoo will definitely be implementing this, and I would expect that >>>> all other OAuth SPs to do the same. It would definitely simplify things if >>>> we could have a single standard interface that can do everything that >>>> OpenID >>>> 2.0 +AX+Hybrid can do today, and also be extensible to be used for future >>>> services and even for OP specific proprietary APIs as well. >>>> >>> >>>> >>> I expect that an OAuth based identity layer would be widely >>>> implemented and far more widely used than OpenID, making OpenID largely >>>> irrelevant. Therefore, I think it's in the OIDFs best interest to back this >>>> imitative. >>>> >>> >>>> >>> However, on Friday, I did get the impression that there is not >>>> sufficent consensus to move forward. If that's still the case, then there's >>>> no point forcing the issue. The work is going to get done either way. >>>> >>> >>>> >>> Hope that clarifies things >>>> >>> Allen >>>> >>> >>>> >>> >>>> >>> On Jun 4, 2010, at 7:24 PM, Dick Hardt <[email protected]> >>>> wrote: >>>> >>> >>>> >>>> David, Chris, Joseph, Allen >>>> >>>> >>>> >>>> When we met last Friday to discuss how Connect and v.Next would >>>> work together, the four of you had agreed that it would be best doing the >>>> Connect work outside the OIDF. I had come to the meeting to talk about how >>>> we would merge or align the efforts, but since there was consensus to do it >>>> outside, we did not discuss. >>>> >>>> >>>> >>>> From actions I have seen today, it seems that there has been a >>>> change since then and that you are planning on working on Connect per the >>>> original charter. As emailed separately, I have concerns with the charter >>>> as >>>> drafted. >>>> >>>> >>>> >>>> I am very disappointed that I learn about your change in mind by >>>> seeing postings on public mailing lists. >>>> >>>> >>>> >>>> WTF? >>>> >>>> >>>> >>>> -- Dick >>>> >> >>>> >> _______________________________________________ >>>> >> board mailing list >>>> >> [email protected] >>>> >> http://lists.openid.net/mailman/listinfo/openid-board >>>> > >>>> > >>>> > _______________________________________________ >>>> > board mailing list >>>> > [email protected] >>>> > http://lists.openid.net/mailman/listinfo/openid-board >>>> >>>> _______________________________________________ >>>> board mailing list >>>> [email protected] >>>> http://lists.openid.net/mailman/listinfo/openid-board >>>> >>> >>> >>> >>> -- >>> Chris Messina >>> Open Web Advocate, Google >>> >>> Personal: http://factoryjoe.com >>> Follow me on Buzz: http://buzz.google.com/chrismessina >>> ...or Twitter: http://twitter.com/chrismessina >>> >>> This email is: [ ] shareable [X] ask first [ ] private >>> >>> _______________________________________________ >>> board mailing list >>> [email protected] >>> http://lists.openid.net/mailman/listinfo/openid-board >>> >>> >> >> >> -- >> http://hi.im/santosh >> >> >> >> _______________________________________________ >> board mailing list >> [email protected] >> http://lists.openid.net/mailman/listinfo/openid-board >> >> > > > -- > Chris Messina > Open Web Advocate, Google > > Personal: http://factoryjoe.com > Follow me on Buzz: http://buzz.google.com/chrismessina > ...or Twitter: http://twitter.com/chrismessina > > This email is: [ ] shareable [X] ask first [ ] private > > _______________________________________________ > board mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-board > > -- http://hi.im/santosh
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
