What kind of organization is the right one for OpenID?


Let’s assume that the OpenID movement continues its dramatic growth for a few more years, and instead of a dozen technology vendors supporting it for hundreds of sites and a handful of use cases, as it is today, we’ll have hundreds of different implementations on tens or hundreds of thousands of sites, applying it to dozens of different use cases.

It’s clear OpenID needs an organizational and governance structure beyond a few mailing lists and an open-source project. But what should it be?

I wrote a version of this last week to the folks with whom we are considering putting together a “trade”/community kind of organization for OpenID, and figure I might as well share it. I’m trying to point out some of the key differences between what OpenID might do and what other organizations have done in the past.

For example, if Big Corporations A and B both design rival, say, next-generation DVD systems, and patent the heck out of it (and have the armies of lawyers to prove it), and sign up 10 other big companies as supporters each, they may decide that they need to cross-license and merge their proposals because neither is going to win over the other, and as long as there are conflicting proposals in the market, the market is only worth 20% of what it could be.

Then they often will create a “trade” organization that, on the face of it, is dedicated to marketing A+B hybrid technology and being nice to everybody. But it is also designed, very deliberately and less visibly so, to make it rather impossible for company C — which could reasonably compete with A or B — to join in after the fact on anything resembling equal terms: because it was the goal of both A and B to make everybody kiss their feet in the first place, to extract not just as-high-as-possible profits from the technology marketed by the trade organization, but to deny any profit to their competitors. While A realized that under no circumstances would B kiss theirs, and vice versa, they sure are hell-bent to make all Cs and Ds do so. (It generally is very welcoming to those Cs and Ds that won’t infringe on the king-of-the-hill position of A and B, which is why the looks of some of those organizations are deceptive.)

I think, from a (short-sighted?) business/optimize-shareholder-returns perspective of the companies involved in OpenID today, it would be quite valid to propose that the OpenID organization would act exactly that way; in particular from the perspective of governance (e.g. who gets to propose a new form of authentication under the OpenID umbrella, or how complicated it is to develop and market an alternate OpenID implementation).

However, I would strongly oppose that, and I believe that most people involved in OpenID so far would agree with me: because we don’t want OpenID to be something exclusive, but a basic, free/beer/speech-for-all layer for light-weight interoperable identity, that everybody can plug into in any way they wish, no kissing of feet required in any way, shape or form, either now or later. Because without that, the world won’t look the way we want it to look, and we won’t be able to do the kind of business we want to do. (Certainly true for NetMesh.)

Because of that — assuming we are all agreed on that — the membership structure should (and I’d argue, MUST) be designed in a way that it allows Cs and Ds to join at any time, on equal terms. Big Cs and little Cs, such as individuals. The only limits being minimal table stakes, such as being constructive, and the ability of the organization and its processes to still function sufficiently. It also means that the technologies blessed as OpenID must be free (both speech and beer): people should only contribute/propose technologies that they own under applicable IP laws and wish to license/donate for free; OpenID needs to stay away from projects and technologies where that may not be the case. (This doesn’t mean that vendors can’t use non-free technologies with OpenID, only that the OpenID organization should stay away from them to stick with its basic focus.)

It doesn’t mean either that the people/companies that put the organization together initially won’t get an extra bit of recognition, such as the title “founding partner” or such. However, that role should not inherently bestow more rights on us than on those who will come after us.

In other words, an organization for OpenID needs to be an Open-Org (I just made up that term), not a cartel.

Because of that, the analogy with many existing trade organizations in a variety of areas does not really work; we need to be mindful of that when we design the organization, its governance, membership structure and processes.

By the way, please let me know if you read this and can think of a good example of an organization that has managed to do something like this; it would be very helpful for all of us to learn from, which is why we are having this discussion about analogies in the first place.