On Wed, Apr 22, 2009 at 10:48 PM, Luca Mearelli <[email protected]>wrote:
> > On Thu, Apr 23, 2009 at 7:37 AM, Chris Messina <[email protected]> > wrote: > > To add to this perspective, OpenID is an assertion or identity protocol > > whereas OAuth is designed as an access or authorization protocol. > ... > > That said, OAuth for Twitter authentication is okay, if you only ever > want > > to authenticate Twitter users. > ... > > Yes, we could say that an authorization delegation protocol might be > used to identify a user by exchanging authorization for the access to > a user-identifying end point (which is more or less what OAuth for > Twitter authentication). I'm still thinking if this could or could not > be extended to become a federated identity system (not that we need > it, there's already OpenID for that!) The problem with OAuth for identity is discovery -- which OpenID, through its use of http:// URLs (& XRDS/YADIS) solves. It's this kind of ad-hoc discovery that makes OpenID better for identity. Chris > > > Luca Mearelli > > > > -- Chris Messina Citizen-Participant & Open Web Advocate factoryjoe.com // diso-project.org // openid.net // vidoop.com This email is: [ ] bloggable [X] ask first [ ] private --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
