Re: Bar Bof on Federated Authentication Thursday at 9 PM during IETF week

Phillip Hallam-Baker <> Wed, 10 March 2010 13:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4B3B43A68DF; Wed, 10 Mar 2010 05:04:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id BsqwWE4zfpWk; Wed, 10 Mar 2010 05:04:35 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 3792E3A6778; Wed, 10 Mar 2010 05:04:35 -0800 (PST)
Received: by iwn10 with SMTP id 10so1932001iwn.31 for <multiple recipients>; Wed, 10 Mar 2010 05:04:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=8W8irjGa6cqLvxbpxqomQeBaYETBCLb9VRA0/sgRKeE=; b=b0ovHFK8ewL8ht1hrrtMnB7cvXigkEOit1ir8CHJRqhZ52dVkw7HV3Flkrrj1qTjS3 9eLiajHYD9NslmbM9mM8UH15wYxbdnfJXSgTv4H9rlN76yt2LyT+27wuYBDW9WlTOx0X TUTQmcaeH56hgOsVPhvkgHlbcD6vpWn8jVXn0=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=G+pGr7Y2NCvvN8SFoX2tz6uiTpr/Gnv4haSdQPnxqbSvT9JHWAquVNZyiFBML4MM76 KWYcdukCVEmSUIjYUVFGjn+SXqPLH7Rlx01pJT20WLy87Gj77ztAn4Y1/cinVWcA6QxZ 4uoQn5SnJ5QFvP1jMQFcpNC0FsnDowaZO78Mc=
MIME-Version: 1.0
Received: by with SMTP id l4mr190030iby.40.1268226277538; Wed, 10 Mar 2010 05:04:37 -0800 (PST)
In-Reply-To: <>
References: <> <006f01cabfeb$d21a5000$764ef000$@net> <>
Date: Wed, 10 Mar 2010 08:04:37 -0500
Message-ID: <>
Subject: Re: Bar Bof on Federated Authentication Thursday at 9 PM during IETF week
From: Phillip Hallam-Baker <>
To: Melinda Shore <>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Wed, 10 Mar 2010 10:28:26 -0800
Cc:, Glen Zorn <>,,, Sam Hartman <>,
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 10 Mar 2010 13:04:45 -0000

And there was a time when a Request For Comments was intended to be an
informal note, we seem to have made a mess there as well.

What I find sad about the whole identity/authentication area is the
way that we have so many frameworks and frameworks of frameworks and
complexity for what is a very simple problem. And I am sorry, but
doing the job the user wants done IS actually the easy part.

What is hard about federated authentication is the fact that there are
all these people who already think they have done something important
and that it must be part of the solution.

The result is a series of Frankenstein monsters with very visible
seams with irrelevant choices the user is presented with. My computer
knows I am logged into my Google mail account to write this note. Why
can't it figure out a seamless and entirely transparent method of
securely communicating that fact to other sites I might want to
access? That is not a hard problem, but it has been made hard by
insistence on irrelevant technology.

Last time we had a BOF on that subject matter we had people with the
bizarre notion that the user interface should be excluded from work on
user authentication.I don't care if usability is outside people's
comfort zone, if any group is going to be chartered in this space it
should be required to address usability issues or we are better off
without it.

On Tue, Mar 9, 2010 at 7:57 PM, Melinda Shore <> wrote:
> On Mar 9, 2010, at 3:51 PM, Glen Zorn wrote:
>> Suddenly I'm nostalgic for the days when bar BOFs were impromptu affairs
>> that sprang up in, well, _bars_ & were of necessity free of PowerPoint
>> infestation...
> It wasn't that long ago that a member of the IESG was
> objecting to calling them BOFs at all.  It used to be
> the case that it was just a bunch of people talking,
> and this stuff about rooms and presentations and whatnot
> leads me to wonder if the "bar BOF" has graduated to
> something that's got some level of sponsorship or
> support from somewhere other than just the people who
> show up, and whether or not that matters.
> Melinda
> _______________________________________________
> Ietf mailing list

New Website:
View Quantum of Stupid podcasts, Tuesday and Thursday each week,