DISQUS

Stay N' Alive: Ebay Suggests Identity API – Can They Do it Alone?

  • Praveen Alavilli · 1 month ago
    Hi Jessy - hope you had a chance to attend the session "Maximizing PayPal's New Identity Services to Create Seamless and Safe User experiences" lead by Andrew Nash (http://www.identitymusings.net/wordpress/) and Eve Maler (@xmlgrrl - http://www.xmlgrrl.com/blog/). Hopefully the slides would be up on x.com soon. As you can see on https://www.paypal-ids.com/ - this is all going to be based on standards. Please hang on for more details to be published on x.com soon.
  • Jesse Stay · 1 month ago
    Praveen, awesome! Let me know as soon as you have the slides and more
    details and I'll definitely promote the heck out of it. I love standards!
    That was the biggest concern I was seeing from the audience.
  • Andrew Nash · 1 month ago
    Oh good grief - conspiracy theories already abound

    PayPal has been on the board for the OpenID foundation for some time.

    None of the deployment options under development are proprietary or private, unlike facebook

    However, OpenID has some fundamental security issues that many people have not wanted to acknowledge or address. These issues may not matter when dealing with a zero value transaction, but they become imporant quickly if you want to address anything with with even moderate levels of value or privacy.

    As a result, just like the US Fed Govt, PayPal is profiling the use of OpenID features to reduce exposure, and will be white listing particpants until the security issues have been addressed (and yes, we have been actively working to address the security issues, as anyone at the OpenID Summit or IIW can attest)

    There is nothing private or proprietary happening here - but anyone who does not understand the need for profiling, does not understand the need for more highly trusted identity deployments.

    The federal Govt is engaging with a number of identity providers including Google - so the nonsense about one compnay being in control here should stop immediately. PayPal is being a good citizen in the identity community and working hard to make this stuff useable rather than just a toy.
  • Jesse Stay · 1 month ago
    Andrew, great to know. The talk at Paypal X Innovate didn't mention
    anything about utilizing your involvement in OpenID, etc. It was very much
    a talk about how Paypal was going to take an approach to identity - I don't
    recall any mention of involvement with the community or standards
    foundations in that effort, but I may have missed it. I was simply going
    off of the talk itself and audience reaction I was seeing on Twitter, and
    wanted to be sure it wasn't the case that Paypal was trying to do it alone.
    This wasn't intended as conspiracy theory, nor critique in any form. I was
    simply stating an observation and hope that the perception of the audience
    wasn't true. Glad to hear that perception was wrong.