Of course it is an authentication protocol. You make authenticated API requests. It is also a delegation protocol in the way usernames and passwords are exchanged for tokens.
The only thing it doesn't have that OpenID has is discovery, but since it is a single vendor solution, it doesn't need any. My thoughts [1]. EHL [1] http://www.hueniverse.com/hueniverse/2009/04/twitter-connect.html From: [email protected] [mailto:[email protected]] On Behalf Of Dirk Balfanz Sent: Thursday, April 16, 2009 10:57 PM To: OpenID user experience Cc: [email protected]; DiSo Project Subject: [oauth] Re: http://apiwiki.twitter.com/Sign-in-with-Twitter Is this Sign-in-with-Twitter supposed to be to sign into other sites using your twitter account, as in "sign into myhealthrecord.com<http://myhealthrecord.com> using your twitter account"? I don't think that's secure - OAuth is not an authentication protocol. Dirk. On Thu, Apr 16, 2009 at 5:15 PM, Ben Clemens <[email protected]<mailto:[email protected]>> wrote: The nascar situation is akin to the difficulty in handling share (digg/facebook/email/myspace/buzz/etc/etc) options for content. Everyone has it on content pages, but it's almost impossible to guess which subset of sharing sites you can show without overwhelming people (actually there is a hack to figure out which of them have been visited, but anyway...). Really all you can do is choose 3-5 of them that work well and provide a link for more. For choosing which identity providers, that means I'll pick Google openid+oauth, Facebook, and Twitter to feature (and offer others secondarily). It's unfair and leaves out major players, but at least I know those offer my users solid authentication and pass basic user attributes so I can make an account for them without a lot of trouble. Hopefully as people start to use these the most reliable, seamless experience will win and identity will settle around a few major players. On 4/16/09 4:21 PM, "Chris Messina" <[email protected]<http://[email protected]>> wrote: Just wanted to point out that Twitter is now offering sign-in with one's Twitter account using OAuth: http://apiwiki.twitter.com/Sign-in-with-Twitter And, as if we didn't have enough buttons for the NASCAR [1], you can now use Twitter's button: http://twibs.com/oAuthButtons.php Oh, and it might interest some folks that there are interesting conversation going on about Twitter's authorization interface: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/0a1739326384dac6?pli=1 Chris [1] http://tr.im/fj_openid_nascar _______________________________________________ user-experience mailing list [email protected]<mailto:[email protected]> http://openid.net/mailman/listinfo/user-experience --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
