[Auth]Early adopters and pesky vendors

[Ron Burk]

>  And I believe that nerds like
> me will be the early adopters of any open authentication service.

If the simplest single logon proposal is successful,
it absolutely will not be nerds who are early adopters.
It will be all the "normal" users who are customers of existing
password software who will instantly become dotGNU users when
their vendor adopts the standard. It will also be all the "normal"
web page designers who are not programmers, and who will
jump at the chance to participate in a standard that is simple
and requires no programming, no SDKs, and no agreements
with third-party servers.

> Implementation will be difficult, I know.

On the contrary, that part of the implementation is already done!
Try out some of the existing password software vendors.
The ones I've identified so far are all Windows clients, but
if they can do plausible UI designs on Windows, I'm sure
someone else can on other platforms (if they haven't already).
AFAIK, they all offer detailed designs that restrict how information is
given out. They also offer customer's choice, which is one of the things
I would like to get from a standard that is truly open.

> My concern is that people won't install a plugin.

You've hit on another strength of the simplest single login
proposal -- it does not claim the client has to be a plugin,
and a whole bunch of people already have the needed
software installed! I say that, because the goal of this
proposal is to involve all the existing vendors of password
software, and get them to adopt the resulting standard.
If that's successful, then the standard signs up a whole
bunch of clients right away.

>  It's too much work for
> the average user (e.g. my mom). That's how IE got its market share; by
> being the default. Passport is the default; how do we get people to take
> one extra step to dotGNU auth?

You can't compete with Microsoft's ability to control  what's
installed on a new PC (or even their ability to force upgrades).
However, aligning with vendors who already have their products
installed on many client machines provides a much faster start
than any of the more complex solutions I've seen proposed
to date. These vendors have proven they can sell their existing
solution to customers; it's only reasonable to think they can sell
even more if a standard arrives that lets them function more
transparently with even more web sites.

> Then there are no pesky commercial software vendors to
> convince of the project's value.

How will you come up with the many thousands of
single logon customers that the pesky vendors offer us on day one?
How will you offer the customer the variety of dozens of different
designs to choose from (some of which are already adopted by
some corporations) that the pesky vendors offer on day one?
I think the "pesky" vendors are invaluable if the goal is to actually
be successful at competing with Passport.

Ron Burk
HighTechInfo.com, www.hightechinfo.com