
OpenID Connect - apgwoz
http://openidconnect.com/
======
india
This gets rid of delegation. :( Delegation was what sold me on openid in the
first place. Why would delegation ever need or get buy in from email
providers, ISPs and social providers? Delegation allows me to own my identity
without owning it's management and that is the most wonderful thing about
openid. I don't want to be thought of as me@facebook all over the web because
I don't control how long facebook will exist or not go rouge or not ban me. It
is very important that I be me@mydomain on the web with me2@facebook only
currently being delegated the responsibility of authenticating me and
providing my details.

Removing delegation removes the major part of open from openid as far as I am
concerned.

~~~
daveman692
Delegation still works, but you'll need to run or use a server which is
willing to assert your domain name.

~~~
india
Ummm... it would be nicer to have something where my domain can simply assert
that me@mydomain is equivalent for the moment to me2@otherdomain and the
otherdomain has to do nothing extra. If the otherdomain has to assert mydomain
then I no longer have total control and it all is suddenly a lot less
transparent.

------
lenni
This is great but will only be useful if Facebook, and to a lesser extend,
Microsoft get behind it.

Google seems to be sold since it is basically a souped-up OAuth and Brad
Fitzpatrick now works there.

~~~
indigoviolet
David Recordon, who wrote the big post on that page actually works at
Facebook. As does Luke Shepard.

------
sanj
OpenID was DOA when they decided that URLs were identities rather than email
addresses.

You can argue all you want about the technical merits of that decision, but
the reality is that email _is_ identity for pretty much everyone that doesn't
code.

~~~
daveman692
This proposal supports using email addresses as identities.

