WebID versus OpenID Connect
Okay, I’m breaking this one out into it’s own thread (that is, a discussion about which identity protocol best fits BuddyPress), as there’s already been some discussion regarding the merits of either or both.
But first, a primer. Anyone coming to this conversation might want to read some of these external posts:
It would also be advised to read the forum threads titled “Resources for Members” and “Priority of Protocols & Purposes, etc. (case studies?)” for further priming.
(One quick note: I do expect other protocols to bleed into this one, especially discovery-related protocols (WRAP, XAuth, WebFinger?), but if discussion gets too dense in another area, lets try and break it off into another thread.)
So, to begin things, there has been some previous discussion about what technologies are best suited for identity. (Specifically, WebID versus OpenID Connect.) (Note it’s now being referred to by the community as OpenID Connect, and a spec is being reworked along those lines.) I believe @jeffsayre favors WebID due to the implicit strength of built-in technology. I believe part of the reasoning (and he’ll have to speak to this as I can’t really do it for him) is that the technology already exists and it follows a more powerful, simple system. I would argue, after watching this link that he posted on Twitter ( http://www.youtube.com/watch?v=8iZPJBpI2Po ) that it is anything but simple, especially from a usability point of view, and that OpenID Connect is working more toward a viable simple solution.
Nothing here is perfect (yet), and I expect that (funny as this may seem) the identity will be one of the last pieces to actually fit into WP/BP as a social stack protocol. (We’re actually more ready to implement other protocols, such as Activity Streams, PoCo, and OAuth 2.0). However, this also will prove to be one of the more important decisions made. In framing my own preference for going with OpenID Connect (perhaps coupled w/ WebID?), I submit the following questions to prod discussion:
1. What protocol will actually be the most simple and usable? (I do think this is the most important question, despite other technology concerns)
2. Adoption rate: Will a larger community support WebID? Should we go with OpenID Connect because it is more popular?
3. What are the key technology differences, and why is one better than the other (be as specific as possible)?
4. Can they be coupled in any meaningful way? Is it possible to get the best of both worlds?
Let’s use this thread to iron out which identity protocol we think will be best, and once we’ve decided on one, we’ll open another thread for how to implement such a thing.
You must be logged in to reply to this topic.