Jonathan Dickinson wrote: > Hi People, > > Seems like people are taking OAuth seriously. Google has (apparently) > recently rolled out support for it. Quoted: > > "This is what OAuth does, it allows the you the User to grant access > to your private resources on one site (which is called the Service > Provider), to another site (called Consumer, not to be confused with > you, the User). While OpenID is all about using a single identity to > sign into many sites, OAuth is about giving access to your stuff > without sharing your identity at all (or its secret parts)." > > Maybe someone should have a look at this for a possible interop spec? > Hit login, open a web page and authenticate: I suppose it works like > the Facebook API in many ways (can store a permanent login token). > > The nice thing about it, I guess, is that by supporting it we can > remove the dependency of plain-text passwords in the DB (because you > are in charge of how the passwords are checked, not X-amount of SASL > mechanisms that collectively force you to store it in plain-text).
As far as I understand it, OAuth is for *authorization*, not *authentication*. So an XMPP service would use OAuth to allow someone to (say) publish to your PEP nodes, would not use it as a substitute for native authentication. IMHO, anyway. Peter _______________________________________________ JDev mailing list FAQ: http://www.jabber.org/discussion-lists/jdev-faq Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [EMAIL PROTECTED] _______________________________________________
