Tuesday, March 25, 2008

See Dick Stun

In discussing whether or not the large identity providers are shirking their OpenID responsibilities by choosing not to act as RPs, Dick writes:
"I think it is unfair of Michael and John to expect them [the biggies] to be Relying Parties."

I agree completely. Any RP (large or small) has the right to decide how (or from whom) it will accept third-party identity assertions. It's naive to think that community guilt or chiding from the IT press will change that. RPs will deploy a federated identity technology when they perceive that the advantages (for themselves) outweigh the risks (to themselves).

What is (somewhat; the rhyme with 'run' was too precious to pass up) stunning for me is that this acknowledgement from Dick (and he has said it before) comes from a member of the OpenID inner circle.

In the same spirit of intellectual honesty, here is a little-known weakness of my own preferred SSO system:

SAML's defined mechanism for IDP discovery is less than optimal.

Wow, it felt good to get that off my chest.

Dick doesn't let the Humongous OPs (HOPs?) completely off the hook.
"The Big Boys can direct some of their bright talent to working with the community in general to overcome these issues"

Point. Counter-point.

