On Sun, Jan 4, 2009 at 6:12 AM, Mads Mayntz Kierulff <[email protected]> wrote: > There > are two alternatives that we've found: either run all our gadgets in > Shindig, and then somehow authenticate against Google and run their > gadgets in our Shindig site OR use iGoogle as a container and > authenticate against our cloud site (presumably using OAuth). We > believe at this point that the first option is preferable, partially > because security requirements in the cloud system are based on > personal PKI certificates, which does not at first glance seem to be > very useful with OAuth.
OAuth and personal PKI certs are compatible. For example: 1) User visits consumer site, authenticates with private key. 2) Consumer site uses RSA signed OAuth to request access to service provider site. 3) User is redirected to service provider, authenticates with private key there. 4) User approves access to data. 5) Consumer uses RSA signed OAuth to fetch data. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
