Simplifying OpenId

Dick Hardt dick at sxip.com
Mon Jan 9 18:52:31 UTC 2006 

You may be successful in communicating the answer, but we may still  
disagree on the approach. :-)

Right now, I don't understand enough about how YADIS does what you  
hint at to even comment on the approach. I see three possible reasons  
on why I don't understand:

1) I am daft and just don't get how YADIS provides a "clean  
foundation" by reading the documentation

2) the conversation happened, everyone on the list is aware, it is  
just not well documented

3) YADIS is a method of discovering the most appropriate protocol to  
use, per the web page http://yadis.org/wiki/Main_Page

"YADIS is a service discovery system allowing relying parties (aka  
identity consumers or membersites) to determine automatically,  
without end-user intervention, the most appropriate protocol to use."


If (1), then perhaps someone can make it less abstract and real for me.

if (2), then perhaps someone can document it, useful for all

if (3), then why not just document <link rel= ...> tags and each  
protocol can work on solving all the issues in their own way?

-- Dick


On 9-Jan-06, at 10:34 AM, Johannes Ernst wrote:

> So I take it, once we successfully communicated the answer to this  
> question to you, you'll be joining YADIS and help make it a success?
>
> On Jan 8, 2006, at 11:35, Dick Hardt wrote:
>
>> I don't see the path for how YADIS provides a "clean foundation"  
>> for building user-controlled identity. Would you elaborate on that  
>> Johannes?
>>
>> I get the protocol discovery, but still think that <link rel= >  
>> works fine for that.
>>
>> btw: if the value of rel was a URI, then the name space issue of  
>> what the <link> tag is all about is dealt with.
>>
>> On 6-Jan-06, at 4:49 PM, Johannes Ernst wrote:
>>
>>> Exactly, why do something cleanly if a hack is just half as  
>>> good? ;-)
>>>
>>> But for those on this list who are still puzzled by this  
>>> question: because YADIS provides a clean foundation to build on  
>>> top of. Authentication against a website -- like OpenID does  
>>> today and LID and friends -- is probably somewhere in the area of  
>>> 1% of what the identity visionaries (Google "identity gang") are  
>>> envisioning that user-controlled identity will turn into:
>>>
>>> Disintermediating eBay would be closer to the 100% than the 0%,  
>>> and that's only one of the examples.
>>>
>>> And one can't hope to build the 100% if one starts kludging after  
>>> 1% of the work is done. So that's why we all agree that YADIS is  
>>> needed.
>>>
>>> (Sorry if you think that I'm continually stating and restating  
>>> the very very obvious, I'm an earthling after all, dear Ford  
>>> Prefect)
>>>
>>> On Jan 6, 2006, at 16:37, Martin Atkins wrote:
>>>
>>>> Johannes Ernst wrote:
>>>>>
>>>>> Let's define yourself a new YADIS capability ... and you are   
>>>>> instantly
>>>>> able to participate in the same framework. That doesn't  mean  
>>>>> that your
>>>>> new SSO can instantly be used to log into LiveJournal  -- but  
>>>>> it means
>>>>> it opens up a defined path for Relying Parties to  recognize  
>>>>> "your" URLs
>>>>> and do something smart with it...
>>>>>
>>>>
>>>> Of course, the same could be said for adding an element to the  
>>>> HTML HEAD:
>>>> <link rel="alexid.server" href="http://www.not-an-openid- 
>>>> server.com/">
>>>>
>>>> Why do we need YADIS, again? :)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> (I'm just joking, by the way!)
>>>
>>> Johannes Ernst
>>> NetMesh Inc.
>>>
>>> <lid.gif>
>>>  http://netmesh.info/jernst
>>>
>>>
>>>
>>>
>
> Johannes Ernst
> NetMesh Inc.
>
> <lid.gif>
>  http://netmesh.info/jernst
>
>
>
>

More information about the yadis mailing list