[Hacker News repost] OpenID Connect specifications published as ISO standards
Title: OpenID Connect specifications published as ISO standards
Url: https://self-issued.info/?p=2573
Post by: mooreds
Comments:
simonw: It took me an embarrassingly long time (given how keenly involved I was in OpenID stuff ~17 years ago https://simonwillison.net/search/?tag=openid&year=2007) to understand that OpenID Connect is almost unrelated to the original idea of OpenID where your identity is a URL and you can prove that you own that URL.

OpenID Connect is effectively an evolution of OAuth.
olieidel: The whole monetization and organization around ISO standards feels super shady.

One lesser known hack is to search the friendly Estonian site [1] for a cheaper version of the standard - they often create their own versions of the standards which pretty much contain the exact same content as the original. Unfortunately, in this case, it seems they only are offering the actual standard at a similar price [2]. Sad dog face.

It could be worthwhile to monitor the website to see if they release their own version for a better price in the future. Usually, their prices are ~10% of the original price (one more data point that Estonia does cool stuff).

We deal with the rather shady standardization organizations quite a lot as we work in medical device compliance [3]. I've heard all the usual arguments: "But standardization costs money!", "These organizations are doing good work!", etc., etc. No. I completely disagree. If something's a standard, that in my opinion makes it similar to a law - people should be able to follow it, and that requires people to freely access it. The EU Advocate General seems to agree [4]. And there are lots of standardizations which don't rely on shadily offering PDFs for money: ECMAScript and ANSI C come to mind, but the list goes on.

[1] https://evs.ee
[2] https://www.evs.ee/en/search?OnlySuggestedProducts=false&query=26131&Otsi=Otsi
[3] https://openregulatory.com/accessing-standards/
[4] https://openregulatory.com/maybe-eu-standards-are-becoming-freely-available-soon/
bborud: No aspect of this is good for anyone. First, standards you have to pay to obtain are a really, really bad thing. Second, I wish more effort would go into designing standards and implementations that aren't such an endless time sink when you need them.
nick238: Standards are nice, but the large standards organizations like ISO annoyingly charge a bit to view them. I suppose this is because some businesses/industries require "real" standards by those orgs rather than the IETF or other dirty open-source hippie collectives.
drdaeman: Identity provisioning is an abomination that shouldn't have been invented. I used to be a fan back in mid-'00s, self-hosting an OpenID server, without realizing how the whole concept is so fundamentally flawed.

Identity is an innate and inalienable property of individual, not something that anyone else (another person, company/website, government or whoever else) can "provide". They can merely attest by providing a credential, by e.g. issuing a passport.

At least Webauthn got this right.