Chris,
I want to start off by saying how horribly inappropriate it is to use the
OpenID specifications mailing list to peddle an authentication standard that
has absolutely nothing to do with OpenID.
I find it interesting that so many of the OAuth community have taken time
out of their busy schedules to tell me to back off on my extension to
OpenID. Every single response to my specification has mentioned OAuth, and
all with a very defensive tone. Only one or two responses have had any
constructive criticism about the actual content of the specification.
To MY defense, I didn't even know about OAuth until I was reminded of it
in response to my specification. I have attempted to review the spec, but
am unable to locate it anywhere, even though I joined the Google Group, as
requested.
Due to the very public negative response from the OAuth folks, I am tempted
to remove myself from the group as a result.
As for consensus, I simply don't care. This was an exercise to allow OpenID
to fill the needs of a specific use case. I believe it is extremely simple
to implement, and is reasonably secure. If the OpenID folks decide to adopt
it, I will be very happy. If not, I will still be happy.
I am passionate about OpenID. I feel that if I want it succeed, I should
work to extend it, and I should have the freedom to do so.
Thank you,
John Ehn
On 8/29/07, Chris Messina [EMAIL PROTECTED] wrote:
Hi John,
Looks like there's some consensus around OAuth... ;)
I helped to get OAuth off the ground to solve the very problem that
you're looking to solve -- in our case, enabling Ma.gnolia OpenID
users to use Dashboard Widgets and Twitter API users to authenticate
their apps, eventually using OpenID.
While I appreciate your work on an OpenID-specific extension, I think
there's some legitimacy in looking at a solution that works generally
regardless of the authentication mechanism. By decoupling OpenID and
OAuth, the goal was to make it easier to adopt OAuth first and then
lead into adopting OpenID.
In the case of your spec, which seems like a good piece of work,
there'd be no sense in supporting the extension without supporting
OpenID and as such, has limited benefit in the wild for implementors.
With OAuth, if we're able to get folks like AOL, Google, Yahoo and
others to support it, the amount of effort necessary to support all of
them becomes the same amount of work to support one.
Anyway, I'm glad to see you on the OAuth list. Feel free to poke
around; we're looking to put out a 0.9 Draft and have it implemented
over the course of September in libraries and then release finally a
1.0 Oct 1.
Cheers,
Chris
On 8/27/07, David Fuelling [EMAIL PROTECTED] wrote:
John,
Have a look at OAuth
(http://groups.google.com/group/oauth). I think it's
currently a private google group, but it seems like you've given a lot
of
thought to this type of thing, so I'm sure the group owners would
welcome
your input. There's a lot of activity going on over there.
David
On 8/26/07, John Ehn [EMAIL PROTECTED] wrote:
I have created a draft of a new specification that I think will help
to
fill a gap in OpenID functionality.
What appears to be a newer productivity feature of many websites is
the
ability to import and utilize information from other sites. For
instance,
Basecamp provides an API that allows other systems to access user data.
This is a great feature, but it currently cannot be done with OpenID,
due to
the dependence on end-user interaction during the authentication
process.
The Trusted Authentication Extension provides for the ability for an
OpenID Consumer to log in to another OpenID Consumer without user
interaction. The end user will be able to create a trusted connection
between two OpenID enabled sites, which will allow a client site to
access a
destination site using the end user's Identity.
Please provide your comments and feedback, as they are most
appreciated.
http://extremeswank.com/openid_trusted_auth.html
Thank you,
John Ehn
[EMAIL PROTECTED]
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
--
Chris Messina
Citizen Provocateur
Open Source Advocate-at-Large
Work: http://citizenagency.com
Blog: http://factoryjoe.com/blog
Cell: 412 225-1051
Skype: factoryjoe
This email is: [ ] bloggable[X] ask first [ ] private
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
