On 16 May 2010 00:57, David Recordon <[email protected]> wrote: > The past few months I've had a bunch of one on one conversations with a lot > of different people – including many of folks on this list – about ways to > build a future version of OpenID on top of OAuth 2.0. Back in March when I > wrote a draft of OAuth 2.0 I mentioned it as one of my future goals as well > (http://daveman692.livejournal.com/349384.html). > > Basically moving us to where there's a true technology stack of TCP/IP -> > HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome APIs). Not just > modernizing the technology, but also focusing on solving a few of the key > "product" issues we hear time and time again. > > I took the past few days to write down a lot of these ideas and glue them > together. Talked with Chris Messina who thought it was an interesting idea > and decided to dub it "OpenID Connect" (see > http://factoryjoe.com/blog/2010/01/04/openid-connect/). And thanks to Eran > Hammer-Lahav and Joseph Smarr for some help writing bits of it! > > So, a modest proposal that I hope gets the conversation going again. > http://openidconnect.com/ >
If the goal is to get something as weak as possible without it instantly collapsing around your ears, then this sounds like a great plan. If, OTOH, you are interested in actually protecting peoples' identities, then OAuth 2.0 doesn't seem like a great starting point. > > --David > > _______________________________________________ > specs mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-specs > >
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
