On Wed, May 19, 2010 at 7:49 AM, John Bradley <[email protected]> wrote:

> From conversations at IIW, I would say that David/Facebook's design goal is
> something as simple as possible for RP to get the minimum information.

I wouldn't say that these are just my design goals; what I proposed is very
similar to even what Twitter shipped a few years ago on OAuth 1.0.
http://apiwiki.twitter.com/Sign-in-with-Twitter

> That may well translate into weak, in this version of the proposal.
>
> Talking to Brenno and others, variations on this approach may be
> significantly less weak.
>
> Once there is an openID WG considering the issue under our IPR policy I will
> feel significantly more comfortable contributing.
>
> As a community director doing openID standards development outside of the
> foundation is not something that I can personally participate in.
>
> I am looking forward to the vNext working group getting to work.
>
> I hope as a member you will be participating as well.
>
> Regards
>
> John B.
>
> On 2010-05-19, at 2:25 AM, Ben Laurie wrote:
>
> On 16 May 2010 00:57, David Recordon <[email protected]> wrote:
>
>> The past few months I've had a bunch of one on one conversations with a
>> lot of different people – including many of the folks on this list – about ways
>> to build a future version of OpenID on top of OAuth 2.0. Back in March when
>> I wrote a draft of OAuth 2.0 I mentioned it as one of my future goals as
>> well (http://daveman692.livejournal.com/349384.html).
>>
>> Basically moving us to where there's a true technology stack of TCP/IP ->
>> HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome APIs). Not just
>> modernizing the technology, but also focusing on solving a few of the key
>> "product" issues we hear time and time again.
>>
>> I took the past few days to write down a lot of these ideas and glue them
>> together. Talked with Chris Messina who thought it was an interesting idea
>> and decided to dub it "OpenID Connect" (see
>> http://factoryjoe.com/blog/2010/01/04/openid-connect/). And thanks to
>> Eran Hammer-Lahav and Joseph Smarr for some help writing bits of it!
>>
>> So, a modest proposal that I hope gets the conversation going again.
>> http://openidconnect.com/
>
> If the goal is to get something as weak as possible without it instantly
> collapsing around your ears, then this sounds like a great plan.
>
> If, OTOH, you are interested in actually protecting people's identities,
> then OAuth 2.0 doesn't seem like a great starting point.
>
>> --David
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
