On May 26, 2010, at 5:12 AM, Dan Brickley wrote: > On Wed, May 26, 2010 at 10:22 AM, Eran Hammer-Lahav <[email protected]> > wrote: >> Discussing the name is a distraction. The issue is whether the OpenID >> foundation wants to be where identity work is done, or where the OpenID >> protocol (and nothing else) is done. Again, the question is very simple: >> OAuth is going to have an identity layer (that's a done deal) - do you want >> to work on it here under the OpenID foundation or not? > > > It's not that entirely that simple. There are apparently other > (different but with some commonality?) ideas for a next phase of > OpenID activity, the v.Next stuff. So the Foundation also needs to > decide whether to do both in parallel and let 'the market' decide, > whether to map out some dependencies, shared technology components or > even try for a common design, or whether to say "thanks but no thanks" > to one of the proposals. It also needs to decide how much of that > deciding to do up front (in the board) versus in chartered working > group(s).
OpenID started as a protocol but has become a brand. The use of the OpenID name/brand is something that the OpenID Foundation controls. David and friends have suggested a new, non-backwards compatible protocol and by naming it OpenID Connect they obviously desire to leverage the OpenID brand. So it all comes down to a decision as to what the OIDF board wants that brand to mean. With all the confusion in the identity space, I think OpenID to evolve from being the current (can you say legacy?) OpenID protocol, to the name for a coherent-as-possible set of protocols & libraries, etc. that solve a fairly wide range of the Internet's identity problems. If the foundation goes in that direction it could bring under one roof/brand a coordination point for a range of efforts. In addition to coordinating protocol work, we should raise the priority of two other things: UX & RP enablement. We could try to make a consistent-as-possible UX across the OpenID family of protocols. And we could invest in creating some really robust, cross-protocol libraries so that RPs can easily add support for the entire OpenID family (Legacy, Connect, and V.Next). Gotta make this stuff easy for RPs to deploy. > > Framing this bluntly as a 'take it or leave it' ultimatum looks (to a > relative outsider) a little brutal, but I say that cautiously as I've > not been party to any of the backstory or detailed debates. > >> Everything else (like naming, migration path from OpenID 2.0 to OAuth 2.0 >> identity) is stuff for the WG to figure out. >> >> This is a fundamental question far beyond all this geek talk: what is the >> purpose of this community? Where are its boundaries? Is this the hub of web >> identity work, or just one tiny piece of it? >> >> I'm happy with any answer. > > Fair questions. There are folk on the foaf-protocols list working with > foaf+ssl, and in the W3C social Web incubator group who are also very > interested in answers... Indeed. Although the foaf+ssl is considered a "fringe" group by the OpenID (and other) communities there's some great stuff there that should be brought forward as an input to OpenID v.next.
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
