Honestly, I would call your answers "beating around the bush". Having said that I must also admit that i am not a person as smart as you are. So let us not take this argument forward, and end it here, or you personally may post an answer for one last time.
I mean, I have asked you a question, and you have been humble enough to reply, and I think we should leave the judgement to everyone else. Thank You Santosh On Mon, May 17, 2010 at 12:10 AM, David Recordon <[email protected]>wrote: > On Sun, May 16, 2010 at 2:45 AM, Santosh Rajan <[email protected]>wrote: > >> David, >> >> Couple of questions I have. >> >> 1) If "OpeniD Connect" is about OAuth 2.0 why use the name OpenID at all? >> What has OpenID got to do with OAuth 2.0? Why not call it "OAuth Connect"? >> > > To me, OpenID is about identity and OAuth is about authorization. When we > built OpenID we had Yadis for discovery which we built on top of, but didn't > have another technology for authorization. This meant that we created our > own mechanism around how the redirects happen, parameters are encoded, and > the signatures generated and verified. > > Today we can replace all of that with OAuth 2.0. So OAuth builds on top of > HTTP, SSL, HMAC, etc which we can directly take advantage of. > > > >> 2) I thought OpenID was about "Federated Identity". On the other hand >> OAuth 2.0 is about "Delegated Identity". Are you dumping the idea of >> "Federated Identity" once and for all for OpenID? >> > > OpenID Connect is still about decentralized identity. "Federated Identity" > means one (or a small number) of providers within a previously agreed upon > circle of trust. One of the key things this proposal adds to OAuth 2.0 is > the ability to have a client the server has never heard of before make an > OpenID request. See http://openidconnect.com/#associations. > > > >> >> 3) My apologies for asking such blunt questions. I will appreciate your >> answers for this. And if you have a good answer I will be your no 1 >> supporter. >> > > No problem, as I said this is really meant to help get the conversation > going again! > > --David > > > Thank you so much, >> Santosh >> >> On Sun, May 16, 2010 at 5:27 AM, David Recordon <[email protected]>wrote: >> >>> The past few months I've had a bunch of one on one conversations with a >>> lot of different people – including many of folks on this list – about ways >>> to build a future version of OpenID on top of OAuth 2.0. Back in March when >>> I wrote a draft of OAuth 2.0 I mentioned it as one of my future goals as >>> well (http://daveman692.livejournal.com/349384.html). >>> >>> Basically moving us to where there's a true technology stack of TCP/IP -> >>> HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome APIs). Not just >>> modernizing the technology, but also focusing on solving a few of the key >>> "product" issues we hear time and time again. >>> >>> I took the past few days to write down a lot of these ideas and glue them >>> together. Talked with Chris Messina who thought it was an interesting idea >>> and decided to dub it "OpenID Connect" (see >>> http://factoryjoe.com/blog/2010/01/04/openid-connect/). And thanks to >>> Eran Hammer-Lahav and Joseph Smarr for some help writing bits of it! >>> >>> So, a modest proposal that I hope gets the conversation going again. >>> http://openidconnect.com/ >>> >>> --David >>> >>> _______________________________________________ >>> specs mailing list >>> [email protected] >>> http://lists.openid.net/mailman/listinfo/openid-specs >>> >>> >> >> >> -- >> http://hi.im/santosh >> >> >> > -- http://hi.im/santosh
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
