I do agree with that. But it is important to recognize where each came
from, and what problems each respectively sought to address.
Narrowing the divide between the two and making it easier to use both
together is something I'm absolutely in favor of.
Sent from my iPhone 2G
On Mar 26, 2010, at 9:19 PM, David Recordon <[email protected]> wrote:
Agreed. There's a bunch of interesting things that could be done to
bring OpenID and OAuth closer together.
On Fri, Mar 26, 2010 at 7:15 PM, Ashish Jain <[email protected]> wrote:
This is worth exploring further at the next OpenID Summit (assuming
there is
interest). RPs that we talk to have overlapping use cases and it's
not fair
to their developers to have completely independent SDKs (different
signing
mechanism, on boarding process etc).
-Ashish
---------------------------------------------------------------
Ashish Jain
Sr. Product Manager, PayPal Identity Services
email: [email protected]
cell: 303-548-4325
skype: itickr
---------------------------------------------------------------
On Fri, Mar 26, 2010 at 7:16 PM, Robert Winch <[email protected]>
wrote:
If you haven't seen this post, it may be of interest
http://hueniverse.com/2009/04/introducing-sign-in-with-twitter-oauth-style-connect/
On Fri, Mar 26, 2010 at 5:20 PM, Paul Lindner <[email protected]>
wrote:
If a site has an api that returns a stable user identifier then
OAuth can
work fine as an SSO. I wouldn't go so far as to call it
bastardized..
The big difference between OpenID and OAuth is the idiom used.
OpenID is
designed to not require prior registration for use -- multiple
relying
parties and providers can interoperate using URLs and attribute
exchange.
With OAuth you need a consumer key/secret for your site, and the
APIs for
attribute exchange change from provider to provider.
On Fri, Mar 26, 2010 at 1:39 PM, Chris Messina <[email protected]
>
wrote:
OAuth can be used as a bastardized mechanism to do SSO, but it's
not
really recommended.
OAuth only provides you with tokens, which could later be revoked,
effectively destroying the identity that you're relying on.
OpenID is the preferred way to achieve SSO because it provides
you with
a stable, reusable identifier.
Twitter uses OAuth for SSO, but it's really kind of a mis-use of
the
technology, although in practice it kind of solves the problem.
Essentially OpenID provides you with identity; OAuth provides you
authorization to do things on behalf of a user. Since you're
doing something
on behalf of a user, you get a kind of temporary identity to do
stuff but
it's much more fragile than OpenID.
Why don't you want to do OpenID?
Chris
On Fri, Mar 26, 2010 at 10:21 AM, Adam <[email protected]> wrote:
We currently use CAS for SSO. I'd like to have SSO into gmail,
but do
not want to switch to OpenID. Is it possible to use OAuth to
login
users into their gmail accounts? Or is OAuth only meant to
retrieve
user data?
I am currently using SignPost to connect to OAuth... if it
matters.
Thanks.
--
You received this message because you are subscribed to the
Google
Groups "OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
--
Chris Messina
Open Web Advocate, Google
Personal: http://factoryjoe.com
Follow me on Buzz: http://buzz.google.com/chrismessina
...or Twitter: http://twitter.com/chrismessina
This email is: [ ] shareable [X] ask first [ ] private
--
You received this message because you are subscribed to the Google
Groups "OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
--
You received this message because you are subscribed to the
Google Groups
"OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
--
You received this message because you are subscribed to the Google
Groups
"OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
--
You received this message because you are subscribed to the Google
Groups
"OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
--
You received this message because you are subscribed to the Google
Groups "OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected]
.
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
.
--
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
