There are some specific design mis-matches for OAuth as an authentication
protocol, it's not what it's designed for and there are some problems you will
run into. Some have used it as such, but it's not a good general solution.
-bill
________________________________
From: Paul Madsen <[email protected]>
To: John Bradley <[email protected]>
Cc: "[email protected] WG" <[email protected]>
Sent: Tuesday, February 5, 2013 1:12 PM
Subject: Re: [OAUTH-WG] Why OAuth it self is not an authentication framework ?
why pigeonhole it?
OAuth can be deployed with no authz semantics at all (or at least
as little as any authn mechanism), e.g client creds grant type
with no scopes
I agree that OAuth is not an *SSO* protocol.
On 2/5/13 3:36 PM, John Bradley wrote:
OAuth is an Authorization protocol as many of us have pointed out.
>
>
>The post is largely correct and based on one of mine.
>
>
>John B.
>
>
>On 2013-02-05, at 12:52 PM, Prabath Siriwardena <[email protected]> wrote:
>
>FYI and for your comments..
>>
>>
>>http://blog.facilelogin.com/2013/02/why-oauth-it-self-is-not-authentication.html
>>
>>
Thanks & Regards,
>>Prabath
>>
>>
>>Mobile : +94 71 809 6732
>>
>>http://blog.facilelogin.com/
>>http://rampartfaq.com/
_______________________________________________
>>OAuth mailing list
>>[email protected]
>>https://www.ietf.org/mailman/listinfo/oauth
>>
>
>
>
>_______________________________________________
OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
