[OpenID] On OpenID 2.0

Fen Labalme fen at 2idi.com
Tue May 1 09:39:25 PDT 2007


Hi Drummond -

Ever hear of the "worse is better" paradigm?  It sounds like all of your
excellent and hard work on the 2.0 spec may get lost in the sauce, as
reasonable people like short, easy to understand and implement specs.  I have
been a strong proponent of OpenID 2.0 primarily due to XRI/Yadis discovery and
secondarily because of attribute exchange.  But the former has been backported
to OpenID 1.1 and there are rumblings about doing the same with AX.

Unless you can make it simple, people won't adopt it.

Something scares me right now: OpenID is about to be adopted by the Drupal
community, which means tens of thousands of users overnight, and millions soon
after.  But the OpenID module doesn't have XRI in it in any form, and
non-XRI-enabled OpenID is IMO just plain broken.  Most OpenID developers don't
understand why, though, as no one has made a clear and more importantly concise
explanation of the advantages that XRI syntax extensions, service discovery,
etc. provide.  A large, dense spec is *not* the answer.  And I don't feel
qualified to propose an answer either at this point.  My take on it is that
after almost 30 years searching for a mechanism that can truly support my
personal holy grail of "personalization with privacy", XRI is the only
technology that I have seen that passes my "smell test". ;-) Now that XRI is
in OpenID 1.2, OpenID may have what I need (I have to revisit it).

The Drupal Community won't use the JanRain libraries, as Drupal is anti-PEAR
(the PHP extension library).  So to get XRI in there, some sort of lightweight
XRI proxy or redirect system needs to be implemented, if possible.  To me,
this is the single most important development thread that could occur today in
the OpenID space.

Can we find some PHP developers who also know XRI to take this on?

Thanks,
=Fen

ref: http://en.wikipedia.org/wiki/Worse_is_Better


Recordon, David wrote:
> Yes, in many senses 2.0 grew so large because of the "some
> clarifications".
> 
> I think in some senses the question is how do you write the 2.0 (or
> whatever it is called) spec in such a way that is light-weight and
> simple (like 1.1), yet clarifying everything needed so that it is more
> of a "spec".  This is where I think things have broken down, 1.1 was a
> web-page, it then got ported to the RFC format, and now 2.0 looks like a
> real spec.  I think this is more of the "running away arms flailing"
> issue, not the content within it.
> 
> --David
> 
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Dick Hardt
> Sent: Monday, April 30, 2007 2:01 PM
> To: Martin Atkins
> Cc: general at openid.net
> Subject: Re: [OpenID] On OpenID 2.0
> 
> 
> On 30-Apr-07, at 11:47 AM, Martin Atkins wrote:
> 
>> Dick Hardt wrote:
>>> SREG was really useful and many sites use it, but it is limited.
>>> Attribute Exchange requires OpenID 2.0, and may be the driver for RPs
>>> to upgrade to 2.0 once the AX spec is done and OPs upgrade.
>>>
>> Does AX require anything else from Auth 2.0 apart from the extension 
>> mechanism?
>>
>> If AX is indeed a "killer app", I expect that people would find a way 
>> to backport it to 1.1 just as they did for Yadis and XRI.
> 
> If you have Yadis, XRI, extensions, and some clarifications then you
> pretty much have the 2.0 spec!
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

-- 
http://xri.net/=Fen.Labalme

