Comments on: Two tastes better together: Combining OpenID and OAuth with OpenID Connect http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/ This can all be made better. Ready? Begin. Tue, 18 Jan 2011 00:50:29 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: What I would change in OAuth « mixedpuppy http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118733 What I would change in OAuth « mixedpuppy Wed, 05 Jan 2011 02:45:06 +0000 http://factoryjoe.com/blog/?p=1919#comment-118733 [...] Maybe what I really want is OpenID Connect [...] [...] Maybe what I really want is OpenID Connect [...]

]]> By: Dan http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118612 Dan Tue, 19 Oct 2010 18:30:34 +0000 http://factoryjoe.com/blog/?p=1919#comment-118612 I agree with nm. I value my privacy a lot (see my fake e-mail), and OpenID delivers on that part - much more than Facebook or others. And while we're at it: why hasn't anyone specified e-mail like IDs for OpenID yet? You put in me@yahoo.com and the website heads over to yahoo to present you (a usarname-pre-filled) login screen. I agree with nm. I value my privacy a lot (see my fake e-mail), and OpenID delivers on that part – much more than Facebook or others.

And while we’re at it: why hasn’t anyone specified e-mail like IDs for OpenID yet? You put in me@yahoo.com and the website heads over to yahoo to present you (a usarname-pre-filled) login screen.

]]> By: OpenID vs. Facebook Connect / Twitter Connect « Sapientia et Doctrina http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118212 OpenID vs. Facebook Connect / Twitter Connect « Sapientia et Doctrina Mon, 24 May 2010 22:43:54 +0000 http://factoryjoe.com/blog/?p=1919#comment-118212 [...] a comment » According to Chris Messina  (and I agree): OpenID, by design, favors the user rather than the relying [...] [...] a comment » According to Chris Messina  (and I agree): OpenID, by design, favors the user rather than the relying [...]

]]> By: Sapientia et Doctrina http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118213 Sapientia et Doctrina Mon, 24 May 2010 22:43:54 +0000 http://factoryjoe.com/blog/?p=1919#comment-118213 <strong>OpenID vs. Facebook Connect / Twitter Connect...</strong> According to Chris Messina  (and I agree): OpenID, by design, favors the user rather than the relying party. In contrast, technologies like Facebook and Twitter Connect emphasize the benefits to relying parties. So while it might seem like an inconveni... OpenID vs. Facebook Connect / Twitter Connect…

According to Chris Messina  (and I agree): OpenID, by design, favors the user rather than the relying party. In contrast, technologies like Facebook and Twitter Connect emphasize the benefits to relying parties. So while it might seem like an inconveni…

]]> By: Saqib Ali http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118211 Saqib Ali Mon, 24 May 2010 20:23:19 +0000 http://factoryjoe.com/blog/?p=1919#comment-118211 @theharmonyguy: Now sure if this kinda answers your question, but here is how Chris describes Connect: Connect = Profile (identity, accounts, profiles) + Relationships (followers, friends, contacts) + Content (posts, photos, videos, links) + Activity (poked, bought, shared, blogged) @theharmonyguy:

Now sure if this kinda answers your question, but here is how Chris describes Connect:

Connect = Profile (identity, accounts, profiles) + Relationships (followers, friends, contacts) + Content (posts, photos, videos, links) + Activity (poked, bought, shared, blogged)

]]> By: Jake Levine http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118177 Jake Levine Tue, 18 May 2010 22:24:15 +0000 http://factoryjoe.com/blog/?p=1919#comment-118177 Well there's one answer to my question: http://www.slideshare.net/Kaliya/iiw10 Well there’s one answer to my question: http://www.slideshare.net/Kaliya/iiw10

]]> By: Jake Levine http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118170 Jake Levine Tue, 18 May 2010 04:14:44 +0000 http://factoryjoe.com/blog/?p=1919#comment-118170 Thanks Chris, thoughtful as usual. What seems to be missing from conversations around OpenID, and from the digital identity conversation in general, is a stated position on what we think online identity should look like in 2020. We should clarify not only the vision for the social web, but why normals should support that vision. Given that most of the designers/coders/entrepreneurs involved in OpenID come from a similar pedigree, it may be useful to take a step back and consider the assumptions embedded in the digital details - why does choice matter? why does privacy matter? why should online interaction mimic the offline world? is the goal to augment or replace offline connections, or are watching the creation of a new category of connection? In trying to explain the vision for OpenID over the last few months I've had a hard time 1) locating it and 2) explaining WHY it matters. We ought to spend as much time on simplicity and clarity of vision as simplicity and clarity of button. Jake Thanks Chris, thoughtful as usual.

What seems to be missing from conversations around OpenID, and from the digital identity conversation in general, is a stated position on what we think online identity should look like in 2020. We should clarify not only the vision for the social web, but why normals should support that vision.

Given that most of the designers/coders/entrepreneurs involved in OpenID come from a similar pedigree, it may be useful to take a step back and consider the assumptions embedded in the digital details –

why does choice matter? why does privacy matter? why should online interaction mimic the offline world? is the goal to augment or replace offline connections, or are watching the creation of a new category of connection?

In trying to explain the vision for OpenID over the last few months I’ve had a hard time 1) locating it and 2) explaining WHY it matters. We ought to spend as much time on simplicity and clarity of vision as simplicity and clarity of button.

Jake

]]> By: nm http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118168 nm Tue, 18 May 2010 02:28:19 +0000 http://factoryjoe.com/blog/?p=1919#comment-118168 I think any new iteration of OpenID where (more) privacy is given up is wrong and unnecessary. OpenID in its current incarnation failed to get traction because of the anti-pattern of using urls instead of email addresses/usernames not because of a lack of personal information identifiers. Without having looking into it further, something like webfinger in conjunction with oauth could be used to do the email to openid url lookup. Hence, retain the password pattern while still doing what openid was originally intended to do. I think any new iteration of OpenID where (more) privacy is given up is wrong and unnecessary.

OpenID in its current incarnation failed to get traction because of the anti-pattern of using urls instead of email addresses/usernames not because of a lack of personal information identifiers.

Without having looking into it further, something like webfinger in conjunction with oauth could be used to do the email to openid url lookup. Hence, retain the password pattern while still doing what openid was originally intended to do.

]]> By: Mr. Gunn http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118160 Mr. Gunn Mon, 17 May 2010 21:02:42 +0000 http://factoryjoe.com/blog/?p=1919#comment-118160 There's no way OpenID is going to present sites with as much user info as Facebook. Instead of hoping that adoption will catch on despite this, perhaps we could say that OpenID draws a different class of user? Demographics are important, and if it's true that geeks are preferentially quitting Facebook or using OpenIDs, then that is the value to the site who'll adopt OpenID connect. Of course, if you can figure out how to market and brand a open distributed service, there's more than a few people who'll be interested in that. There’s no way OpenID is going to present sites with as much user info as Facebook. Instead of hoping that adoption will catch on despite this, perhaps we could say that OpenID draws a different class of user? Demographics are important, and if it’s true that geeks are preferentially quitting Facebook or using OpenIDs, then that is the value to the site who’ll adopt OpenID connect.

Of course, if you can figure out how to market and brand a open distributed service, there’s more than a few people who’ll be interested in that.

]]> By: » Blog Archive » OpenID Connect and Gluecon http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/comment-page-1/#comment-118156 » Blog Archive » OpenID Connect and Gluecon Mon, 17 May 2010 13:34:19 +0000 http://factoryjoe.com/blog/?p=1919#comment-118156 [...] critic of some OpenID things in the past, and a pretty public fan of OAuth, so at first glance, rebuilding OpenID to sit on top of OAuth sounds like a interesting idea. I’ll be curious to see how we (the community) identify any [...] [...] critic of some OpenID things in the past, and a pretty public fan of OAuth, so at first glance, rebuilding OpenID to sit on top of OAuth sounds like a interesting idea. I’ll be curious to see how we (the community) identify any [...]

]]>