Andy Powell wrote:
> Whatever technology we adopt, we need some kind of formalised, managed
> 'federation' - a set of rules for taking part. Agreed?
Hmm, I'm not sure the OpenID true believers agree with you there!
> Wouldn't an OpenID Federation, in which one of the roles of the
> federation managing agent would be to maintain a whitelist of OpenID
> providers that are 'within' the federation (and that can therefore be
> trusted by everyone else in the federation) make sense?
It will make sense to those who want a trust framework -- a federation,
so it may well happen. But at that point you've crossed the Rubicon
and lost "user-centric", leaving just an alternative technical protocol
and built-in discovery. So it's not clear that (all of) the OpenID army
will follow you to there.