Wednesday, November 15, 2006

I'm confused (and that's the problem)

Johannes asks people to consider whether or not a mashup of SAML and OpenID makes sense.

I don't see why the issue is any different than that which motivated a previous convergence between LID, Sxip, DIX, and OpenID - this manifested as OpenID 2.0?

There was duplication between these systems, now there is none (or less?). Less duplication means less confusion (I personally love no longer having to know what Passel does or doesn't do).

Between SAML and OpenID there is more and more duplication - this because:
  1. the OpenID community is adding new functionality to OpenID 2.0 for which there are existing equivalent mechanisms in SAML, and
  2. the SAML community is exploring how to enable SAML for use cases historically the purview of OpenID (and its erstwhile counterparts).
Less duplication would be 'better' because it would mean less confusion (amongst developers, vendors, customers, end-users, wives, etc).

Do we need more justification than the goal of creating a simpler marketplace - one unfragmented by confusion over multiple and incompatible identity systems?

No comments: