Re: [OAUTH-WG] Why OAuth it self is not an authentication framework ?

Tue, 05 Feb 2013 13:28:10 -0800 

OIDC seems about the most plausible candidate for a “good general solution”
that I’m aware of.   -T

On Tue, Feb 5, 2013 at 1:22 PM, William Mills <[email protected]>wrote:

> There are some specific design mis-matches for OAuth as an authentication
> protocol, it's not what it's designed for and there are some problems you
> will run into.  Some have used it as such, but it's not a good general
> solution.
>
> -bill
>
>   ------------------------------
> *From:* Paul Madsen <[email protected]>
> *To:* John Bradley <[email protected]>
> *Cc:* "[email protected] WG" <[email protected]>
> *Sent:* Tuesday, February 5, 2013 1:12 PM
> *Subject:* Re: [OAUTH-WG] Why OAuth it self is not an authentication
> framework ?
>
>  why pigeonhole it?
>
> OAuth can be deployed with no authz semantics at all (or at least as
> little as any authn mechanism), e.g client creds grant type with no scopes
>
> I agree that OAuth is not an *SSO* protocol.
>
>  On 2/5/13 3:36 PM, John Bradley wrote:
>
> OAuth is an Authorization protocol as many of us have pointed out.
>
>  The post is largely correct and based on one of mine.
>
>  John B.
>
>  On 2013-02-05, at 12:52 PM, Prabath Siriwardena <[email protected]> wrote:
>
> FYI and for your comments..
>
>
> http://blog.facilelogin.com/2013/02/why-oauth-it-self-is-not-authentication.html
>
> Thanks & Regards,
> Prabath
>
>  Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com/
> http://rampartfaq.com/
>  _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
>
> _______________________________________________
> OAuth mailing [email protected]https://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
>

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to