david at sixapart.com
Fri Oct 28 20:04:33 PDT 2005
Seems Brad and I were both working on an email at the same time. I just
want to echo everything he has said, although take a bit of the
responsibility of the document as well. Once the three of us figured
out the technical side of the discovery protocol, it fell a bit outside
of Brad's court.
Over the next few days, we should be receiving more feedback from the
XriTc in regards to using their proposed XML document for service
discovery. This means interoperability with i-Names and other proposals
based upon XRI will be possible as well as using a OASIS approved
format. While I have to say I didn't understand their proposal before
Thursday, talking it through, and whiteboard drawings, with them only
showed how similar the two ideas are. By the end it was as if Gabe
Wachob, Drummond Reed, and myself we're all finishing each other's
thoughts. We have expressed that one of the requirements is keeping it
all light-weight, meaning simple XML. Ideally we will have a sample
document within the next few days.
If there is one thing I've learned from all of this is that we did a
fairly poor job expressing what we meant to express.
From: yadis-bounces at lists.danga.com
[mailto:yadis-bounces at lists.danga.com] On Behalf Of Brad Fitzpatrick
Sent: Friday, October 28, 2005 7:50 PM
To: Kurt Raschke
Cc: yadis at lists.danga.com; Adrian.Blakey at kp.org
Subject: Re: Announcing YADIS...again
Whoa, whoa, confusion, everybody....
YADIS is not an identity/auth protocol at all. It's just a capability
discovery protocol. In practice it'll say "I only do OpenID" or "I do
LID" or "I do OpenID and Sxip" or "I do LID and Foo."
It's a hacky solution until more work is done in the identity space, but
a very needed one. The idea of YADIS was incredibly well received by
nearly everybody at the 2005 Internet Identity Workshop this week. We
may end up using XRI's XRID stuff for capability payloads (which are
pretty much identical to the mock example YADIS ones), but /something/
While all the identity players are trying to figure this stuff out, we
need to at least announce what rules we're playing by.
As far as OpenID and LID go, that's entirely outside YADIS, but version
2.0 of either OpenID or LID (or what their new name together is) will
require something like YADIS to exist for consumers (aka "relying
membersites") to cope well.
More than likely OpenID and LID will merge but will have a bunch of
optional components. In the bare most minimal state, supporting no
capabilities except OpenID auth, it'll be exactly OpenID 1.0 as it is
As for Six Apart sprinkling buzzwords to sell identity solutions or
whatever that rubbish I heard was: false. Six Apart didn't write that
document... NetMesh (Johannes of LID) did. So blame him. :-)
Hopefully this sheds some light on things.
On Fri, 28 Oct 2005, Kurt Raschke wrote:
> On Oct 28, 2005, at 6:52 PM, Adrian.Blakey at kp.org wrote:
> > Yadis is a very serious attempt made by some seriously smart people
> > to develop someting useful.
> And where is the evidence of this? As pointed out by several others
> on the list (NOT just me), all we have thus far is a set of buzzword-
> riddled specifications that seem to ruin the simplicity of OpenID by
> apparently merging it with LID, a far-from-lightweight protocol.
> > Stop complaining.
> If you want me to stop complaining, then show me hard evidence that
> YADIS is an improvement over OpenID. I would not say that
> interoperability alone is an improvement. As Martin Atkins noted,
> intermediaries and multi-protocol identity servers are both feasible
> solutions to the problem of multiple, incompatible identity protocols
> that don't require tampering with existing protocols. Look at
> TypeKey, for example. TypeKey added OpenID support, and now every
> TypeKey user has an OpenID identity as well. They could just as
> easily add support for LID or whatever the next big identity protocol
> is, without requiring consumers to change anything.
> YADIS, on the other hand, seems to want for every party to be _both_ a
> LID and OpenID producer or consumer, and that doesn't make sense.
> How does that improve LID? How does that improve OpenID? It makes
> OpenID bulkier, and I can't see at all what it does for LID. Similar
> to the situation with TypeKey, if an OpenID producer site wants its
> users to have LID identities as well, they're free to add that
> functionality if they want. And it certainly doesn't take the bulk of
> YADIS to do that.
> Finally: Is stand-alone OpenID as it exists today going away? If
> not, then I'll shut up. But if OpenID (a useful, lightweight
> protocol) as we know it is going away, then I think there needs to be
> a serious discussion of the merits of this decision.
> And can we keep this on-list, please?
More information about the yadis