hans.gerwitz

OpenID has it right

Posted on April 6th, 2006

There has been much ado over the last year about identity. Most of the early plays were centralized thinly-veiled attempts to own your identity. Even many of the 2.0 systems depend on the solvency of a managing organization. SAML is a big heavy beast as you might expect from a committee.

So, I was very excited in January of 2005 to see LID. I set out to make my site compliant. I started by writing a server, as I needed a LID URL for testing. It quickly became apparent, though, that reusing an already-dynamic URL would require I modify existing request-handling code. At that time, I was using SnipSnap and the project was dormant and not very extensible, so sharing my work would require forking the codebase.

It is ridiculous, I concluded, that I should even have such a dilemma: why can’t I just reference the LID server URL from my published, friendly one? So I queried Johannes Ernst:

I find it a bit unwieldy to have the LID server acting as a filter for a URL otherwise served by other applications. I would like to understand why the spec doesn’t either postfix the URL (e.g. “http://www.example.com/~me/lid/”) or always begin the querystring with a parameter that can be used for filtering (e.g. “?lid&help=help”). (I don’t want to simply use http://phobia.com/lid/, as I think the re-use of web URLs is an appealing attribute of LID.)

He responded by pointing me to a rationalization of using your “real” URL which didn’t really answer my question, ignored my acknowledgement of same, and made it clear he just didn’t see why I might be annoyed that his spec basically asserts “we hereby claim a set of querystring parameters in the name of NetMesh!”

So, I just lost interest and decided to give the market more time to find a solution. A year later, and along comes OpenID, which has this to say about LID:

Assumes that identity URLs are dynamic documents that can handle fancy URL parameters. Not true in real life, which is key for adoption.

Amen, brother. The tremendous interest a decoupled approach has garnered has even convinced Johannes that even OpenID isn’t abstract enough, and we really need more redirection so everyone can still have their favorite spec. Whatever. I’ll be looking to comply with OpenID soon.

View Comments to “OpenID has it right”

  1. Johannes Ernst Says:
    You seem to be missing a bit of history over the last year, assuming this is a new post.

    For example, Yadis — initiated by NetMesh and Six Apart/OpenID and taken up by the community around yadis.org — which puts both LID and OpenID under the same discovery umbrella (which has the “delegation” features you are asking for).

    And that the NetMesh LID implementation (both downloadable code and hosted at myLID.net) now supports OpenID and Yadis. So among other things, it does what you are asking for.

  2. hans Says:
    I’m aware of Yadis, notice the link in the last paragraph. What frustrated me as a potential implementor is that you didn’t seem to acknowledge any value in decoupling my “home URL” and my “LID URL” until OpenID came along and threatened to usurp LID’s role as the “2.0” standard.

    Personally, I feel that Yadis is an unnecessary layer and is “too hard” to be widely adopted (as with Liberty or any number of RDF-based semantic web initiatives).

    Don’t be too offended, though… I challenge because I care. LID and your Identity 2.0 talks woke the community up; we might be a year or more behind if you hadn’t woken everyone up.
