Sorry, Eran, but it is not an authentication protocol. An authentication protocol must be signed by the authenticator, not by the authentication requester.
On Fri, Apr 17, 2009 at 12:26 AM, Eran Hammer-Lahav <[email protected]> wrote: > Of course it is an authentication protocol. You make authenticated API > requests. It is also a delegation protocol in the way usernames and > passwords are exchanged for tokens. > > > > The only thing it doesn’t have that OpenID has is discovery, but since it is > a single vendor solution, it doesn’t need any. > > > > My thoughts [1]. > > > > EHL > > > > [1] http://www.hueniverse.com/hueniverse/2009/04/twitter-connect.html > > > > From: [email protected] [mailto:[email protected]] On Behalf Of > Dirk Balfanz > Sent: Thursday, April 16, 2009 10:57 PM > To: OpenID user experience > Cc: [email protected]; DiSo Project > Subject: [oauth] Re: http://apiwiki.twitter.com/Sign-in-with-Twitter > > > > Is this Sign-in-with-Twitter supposed to be to sign into other sites using > your twitter account, as in "sign into myhealthrecord.com using your twitter > account"? > > I don't think that's secure - OAuth is not an authentication protocol. > > Dirk. > > On Thu, Apr 16, 2009 at 5:15 PM, Ben Clemens <[email protected]> > wrote: > > The nascar situation is akin to the difficulty in handling share > (digg/facebook/email/myspace/buzz/etc/etc) options for content. Everyone has > it on content pages, but it’s almost impossible to guess which subset of > sharing sites you can show without overwhelming people (actually there is a > hack to figure out which of them have been visited, but anyway...). Really > all you can do is choose 3-5 of them that work well and provide a link for > more. > > For choosing which identity providers, that means I’ll pick Google > openid+oauth, Facebook, and Twitter to feature (and offer others > secondarily). It’s unfair and leaves out major players, but at least I know > those offer my users solid authentication and pass basic user attributes so > I can make an account for them without a lot of trouble. Hopefully as people > start to use these the most reliable, seamless experience will win and > identity will settle around a few major players. > > > On 4/16/09 4:21 PM, "Chris Messina" <[email protected]> wrote: > > Just wanted to point out that Twitter is now offering sign-in with one's > Twitter account using OAuth: > > http://apiwiki.twitter.com/Sign-in-with-Twitter > > And, as if we didn't have enough buttons for the NASCAR [1], you can now use > Twitter's button: > > http://twibs.com/oAuthButtons.php > > Oh, and it might interest some folks that there are interesting conversation > going on about Twitter's authorization interface: > > http://groups.google.com/group/twitter-development-talk/browse_thread/thread/0a1739326384dac6?pli=1 > > Chris > > [1] http://tr.im/fj_openid_nascar > > _______________________________________________ > user-experience mailing list > [email protected] > http://openid.net/mailman/listinfo/user-experience > > > > > -- Breno de Medeiros --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
