Re: Building identity on top of OAuth 2.0?

Wed, 19 May 2010 07:46:55 -0700

Can you please expand on and be more specific about what you mean by this:
" If, OTOH, you are interested in actually protecting peoples' identities, then OAuth 2.0 doesn't seem like a great starting point." 


What would be a better starting point? And what does it mean to  
"protect peoples' identities" in your thinking?


Thanks,

Chris

Sent from my iPhone 2G

On May 19, 2010, at 2:25 AM, Ben Laurie <[email protected]> wrote:




On 16 May 2010 00:57, David Recordon <[email protected]> wrote:

The past few months I've had a bunch of one on one conversations  
with a lot of different people – including many of folks on this lis 
t – about ways to build a future version of OpenID on top of OAuth 2 
.0. Back in March when I wrote a draft of OAuth 2.0 I mentioned it a 
s one of my future goals as well (http://daveman692.livejournal.com/349384.html 
).



Basically moving us to where there's a true technology stack of TCP/ 
IP -> HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome  
APIs). Not just modernizing the technology, but also focusing on  
solving a few of the key "product" issues we hear time and time again.



I took the past few days to write down a lot of these ideas and glue  
them together. Talked with Chris Messina who thought it was an  
interesting idea and decided to dub it "OpenID Connect" (see http://factoryjoe.com/blog/2010/01/04/openid-connect/ 
). And thanks to Eran Hammer-Lahav and Joseph Smarr for some help  
writing bits of it!


So, a modest proposal that I hope gets the conversation going again. 
http://openidconnect.com/


If the goal is to get something as weak as possible without it  
instantly collapsing around your ears, then this sounds like a great  
plan.



If, OTOH, you are interested in actually protecting peoples'  
identities, then OAuth 2.0 doesn't seem like a great starting point.



--David

_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs


_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs

_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs























					Reply via email to