November 18, 2009
OpenID v.Next Goals

OpenID logoThe OpenID v.Next session at IIW run by David Recordon and Dick Hardt reached some important conclusions about the future of OpenID. The motivation for the v.Next discussion was the sense that we’ve learned enough since the OpenID 2.0 specification was finalized that it’s time to revise the spec to incorporate what we’ve learned. This session attempted to reach a consensus on the priorities for the next version of OpenID, with a large number of the important players participating. I haven’t seen the decisions made published elsewhere, so I’m recording them here.

David organized the session around a stated goal of producing an evolved OpenID specification within the next six months. The consensus goals reached were as follows. The numbers represent the number of participants who said that they would work on that feature in the next six months.

  • Integrating the UX extension (in which the user interacts with the OP in a pop-up window) into the core specification: 12
  • Evolving the discovery specification for OpenID, including adding OpenIDs using e-mail address syntax: 10
  • Integrating attributes (claims) into the core specification: 9
  • Integrating the OAuth Hybrid specification into the core specification: 8
  • Supporting an optional active client (identity selector) and non-browser applications: 8
  • Improve security, including investigating enabling use at levels of assurance above NIST level 1: 8
  • Better support for mobile devices: 8
  • Addressing the problem of long URLs (where browsers limit URL length to 2048 or sometimes 256 characters): 6

And in case it isn’t obvious from reading the above, there was also an explicit consensus in the room that OpenID v.Next would not be backwards compatible with OpenID 2.0. (It will be related to, but not compatible with OpenID 2.0, analogously to how SAML 2.0 is related to, but not compatible with SAML 1.1.) I believe we have interesting and exciting times ahead!

Thanks to Hannes Tschofenig for publishing photos of the whiteboard and some of the votes.

6 Responses to “OpenID v.Next Goals”

  1. De doelstellingen voor | Papierloos informatie over digitale identiteit elektronische handtekening en betrouwbare uitwisseling on 18 Nov 2009 at 3:36 pm #

    […] Lees meer in deze post […]

  2. Mike Jones: self-issued » 2010 OpenID Summit EU on 06 May 2010 at 11:39 pm #

    […] Topics are expected to include: use cases, issues and problems encountered, solutions proposed, the OpenID v.Next effort, and EU trust profile […]

  3. Pushing String » OpenID and OAuth: As the URL Turns on 25 May 2010 at 10:48 pm #

    […] OpenID Connect, which had been hanging around with OAuth in a way that seemed promiscuous. Having insisted last year that it was ready to change, OpenID quickly got busy. OpenID Artifact Binding was […]

  4. How to Engage with Social Media: An Example | on 07 Jun 2010 at 5:31 am #

    […] applied. It’s worth noting that even the OpenID guys are starting to think about OpenID v.Next ( because they agree with the assurance level limitation of the current implementation of OpenID. […]

  5. Identity Crisis: OpenID at a Crossroads | Keep It Locked on 19 Jan 2011 at 7:04 pm #

    […] Connect is just a strawman proposal. There’s an entirely different OpenID charter called v.Next. The two proposals share a lot of the same goals, and seem to involve a lot of the same people. […]

  6. BrowserID: Will it Succeed Where OpenID Failed? – Dick Hardt dot org on 18 Jul 2011 at 9:56 am #

    […] know I am disappointed in the direction of OpenID. I am encouraged that BrowserID has many of the core features I was hoping would emerge in OpenID v.Next. There has been a reasonable amount of online coverage […]