Thursday, October 12, 2006

Profile it baby...

Scott Kveton (whose name seems to be misspelled even more often than Paul Madsen's, if you can believe that) responds to Paul's typically irony-filled comments on OpenID's Data Transfer Protocol (DTP) proposal.

First off, the DTP specification is just a proposal. It is not a formal part of OpenID yet. Also, this is a really, really rough draft of the proposal that is constantly in motion right now. The fact that it ignores other standards may be true but one of the design goals is to do for data transfer what OpenID has done for single sign-on; light-weight, simple, easy-to-implement, etc. Think of the proposal as a best-of-breed of those heavier technologies. The same can be said of OpenID as it relates to SAML, Sxip and Passport.

I think everyone would be better served by a proposal that was a best-of-breed profile of other specs such as SOAP (which is exceedingly lightweight to begin with), WS-Security, and the like.

You get a much larger bang for the buck by profiling existing standards to meet your needs. Many of the so-called "heavyweight" specifications are heavyweight because they need to support many different profiles, but you can restrict them to a much narrower profile that is more useful for your environment.

Having written an open source Liberty toolkit for clients from scratch that does SOAP, WS-Security, and the like, it ain't all that hard as long as you don't start out with "I want to handle every possible scenario in the world and beyond."
