On Sep 5, 2013, at 2:25 PM, Oleg Broytman <p...@phdru.name> wrote: > On Thu, Sep 05, 2013 at 02:16:29PM -0400, Donald Stufft <don...@stufft.io> > wrote: >> >> On Sep 5, 2013, at 2:12 PM, Oleg Broytman <p...@phdru.name> wrote: >>> I used to use myOpenID and became my own provider using poit[1]. >>> These days I seldom use OpenID -- there are too few sites that allow >>> full-featured login with OpenID. The future lies in OAuth 2.0. >> >> The Auth in OAuth stands for Authorization not Authentication. > > There is no authorization without authentication, so OAuth certainly > performs authentication: http://oauth.net/core/1.0a/#anchor9 , > http://tools.ietf.org/html/rfc5849#section-3
They are separate topics and authorization does not need to imply authentication, it so happens that in many particular instances of OAuth you can estimate authentication. https://en.wikipedia.org/wiki/OAuth#OpenID_vs._pseudo-authentication_using_OAuth Persona is the logical successor to OpenID. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com