On Sep 5, 2013, at 2:25 PM, Oleg Broytman <p...@phdru.name> wrote:

> On Thu, Sep 05, 2013 at 02:16:29PM -0400, Donald Stufft <don...@stufft.io> 
> wrote:
>> 
>> On Sep 5, 2013, at 2:12 PM, Oleg Broytman <p...@phdru.name> wrote:
>>>  I used to use myOpenID and became my own provider using poit[1].
>>> These days I seldom use OpenID -- there are too few sites that allow
>>> full-featured login with OpenID. The future lies in OAuth 2.0.
>> 
>> The Auth in OAuth stands for Authorization not Authentication.
> 
>   There is no authorization without authentication, so OAuth certainly
> performs authentication: http://oauth.net/core/1.0a/#anchor9 ,
> http://tools.ietf.org/html/rfc5849#section-3

They are separate topics and authorization does not need to imply 
authentication,
it so happens that in many particular instances of OAuth you can estimate
authentication.

https://en.wikipedia.org/wiki/OAuth#OpenID_vs._pseudo-authentication_using_OAuth

Persona is the logical successor to OpenID.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to