On 4/24/09 11:12 AM, pkeane wrote: > This is correct, but it's important to point out that you have thus > created an authentication mechanism (and authentication is hard).
Federated Identity Barbie says, "Authentication is HARD!" Indeed, I don't think OAuth should specify HOW to authenticate a user, but it should be cognizant of the need for authenticated users and passing an authentication token around. _How_ an SP authenticates its user is left as an exercise to the reader. :-) -- Dossy Shiobara | [email protected] | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
