John, that's a very good question. For the OPs on the list, how many of you envision evolving your services to LoA 2 if a clear path could be developed and agreed to?
We should certainly not constrain ourselves to what current OPs intend to support, but we should also be pragmatic about the rate at which we evolve the technology cognizant of whether and when any OPs would commit to making the necessary changes to support the upgrade. Looking forward to feedback from others. Brian ___________ Brian Kissel<http://www.linkedin.com/pub/0/10/254> CEO, JanRain - OpenID-enable your websites, customers, partners, and employees 5331 SW Macadam Ave., Suite 375, Portland, OR 97239 Email: [email protected]<mailto:[email protected]> Cell: 503.866.4424 Fax: 503.296.5502 From: [email protected] [mailto:[email protected]] On Behalf Of John Bradley Sent: Thursday, August 13, 2009 10:00 AM To: Chris Messina Cc: [email protected] Subject: Re: specs Digest, Vol 36, Issue 1 Chris I think we are agreeing. OpenID needs to play to it's strengths. Chasing shiny things is tempting. We need to carefully consider the impact of changes. That is not to say that openID shouldn't evolve. There are always tradeoffs. Remember that a GSA LoA 2 or 3 profile is focused on the Gov accepting the assertions for specific uses. Other people are free to make there own determinations for other use cases. I am interested in finding out if IdP really want to be certified at LoA 2 with all of the extra identity proofing, liability and other things that go with that. A LoA 2 certification for a IdP involves a lot more than just tweaking some protocol peaces. Are there OPs that want that? John B. On 13-Aug-09, at 9:11 AM, Chris Messina wrote: On Thu, Aug 13, 2009 at 8:34 AM, John Bradley <[email protected]<mailto:[email protected]>> wrote: Some may ask if we add artifact binding, signatures and encryption are we not reinventing SAML Web SSO, or something of equal complexity? I would like to know more about this, but my instinct is always to say "NO" for as long as possible when any new feature will a) introduce complexity and b) stifle or impair potential adoption. That we've come as far as we have is a feat; maintaining that momentum is critical - and that means making good on the promise of what OpenID offers *today* - and only extending it with real world examples where people are implementing kludges (en masse) to serve a common need. Chris -- Chris Messina Open Web Advocate Personal: http://factoryjoe.com Follow me on Twitter: http://twitter.com/chrismessina Citizen Agency: http://citizenagency.com Diso Project: http://diso-project.org OpenID Foundation: http://openid.net This email is: [ ] bloggable [X] ask first [ ] private __________ Information from ESET NOD32 Antivirus, version of virus signature database 4330 (20090812) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4332 (20090813) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
