>
> The subject does not want just **anybody** to verify his identity; he only
>> wants the **relying party** to be able to verify his identity.
>>
> If I understand correctly, a URL signed using OAuth can be accessed
> successfully only once, because of the oauth-nonce parameter. Or atleast, it
>
On Wed, Feb 10, 2010 at 1:39 PM, Brian Smith wrote:
> The subject does not want just **anybody** to verify his identity; he only
> wants the **relying party** to be able to verify his identity.
>
If I understand correctly, a URL signed using OAuth can be accessed
successfully only once, because
Raffi Krikorian wrote:
in general, i really like this mechanism. from just a usability
standpoint, however, it means that the consumer has to make a few
calls simply to perform one action -- they have to call Twitter and
then the service provider. on top of that, a real world example would
h
account/verify_credentials discloses information that is private. For
> example, the HTTP header of account_verify_credentials discloses information
> about how frequently the user accesses twitter (the rate limit headers). If
> the user hasn't previously authorized (via OAuth) the delegator (relyi
Raffi Krikorian wrote:
The term most frequently used for “delegator” is “relying party.”
What you call the service provider is most frequently called the
“identity provider.” What you call the consumer is usually called
the “subject.” See OpenID, InfoCard, and other similar
>
> The term most frequently used for “delegator” is “relying party.” What you
> call the service provider is most frequently called the “identity provider.”
> What you call the consumer is usually called the “subject.” See OpenID,
> InfoCard, and other similar specifications for example usage of t
m] On Behalf Of Raffi
Krikorian
Sent: Tuesday, February 09, 2010 9:23 PM
To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] A proposal for delegation in OAuth identity
verification
hi all.
thanks so much for the conversation so far! its been great. i've taken a
bunch
hi all.
thanks so much for the conversation so far! its been great. i've taken a
bunch of the comments and incorporated them into a newer version
http://mehack.com/a-proposal-for-delegation-in-oauth-identity-v-0
let's continue to tear this apart.
On Tue, Feb 9, 2010 at 8:43 PM, Harshad RJ wr
I posted a response on the blog which I am copy-pasting here:
If the intention is to just delegate identity, this can be achieved more
easily with what is available today:
The Consumer, prepares a verify-credentials HTTP request, signed with its
OAuth token, and passes this URL to the delegator,
In the example, would the user have to grant TwitPic access to his account?
I would like to be able to assure TwitPic about the user's identity without
the user having to grant TwitPic any read or read/write access to his
account.
Why does the delegator need to send the service provider x_reque
>
> Very pleased that this went out... I've been pushing for this on this list
> for quite a while now...
>
> Let us know if you need any help in any way...
>
i think the biggest thing is just to comment on it, or let me know that it
makes sense. this is relatively easy for us to implement, but w
Hi Raffi,
Very pleased that this went out... I've been pushing for this on this list
for quite a while now...
Let us know if you need any help in any way...
As a side note - TweetPhoto has claimed on this list that they have some
sort of oAuth delegation live?? I haven't played with it yet, but
12 matches
Mail list logo