Re: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-11 Thread Brian Smith
Raffi Krikorian wrote: The term most frequently used for “delegator” is “relying party.” What you call the service provider is most frequently called the “identity provider.” What you call the consumer is usually called the “subject.” See OpenID, InfoCard, and other similar

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-11 Thread Raffi Krikorian
account/verify_credentials discloses information that is private. For example, the HTTP header of account_verify_credentials discloses information about how frequently the user accesses twitter (the rate limit headers). If the user hasn't previously authorized (via OAuth) the delegator (relying

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-11 Thread Harshad RJ
On Wed, Feb 10, 2010 at 1:39 PM, Brian Smith br...@briansmith.org wrote: The subject does not want just **anybody** to verify his identity; he only wants the **relying party** to be able to verify his identity. If I understand correctly, a URL signed using OAuth can be accessed successfully

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-11 Thread Raffi Krikorian
The subject does not want just **anybody** to verify his identity; he only wants the **relying party** to be able to verify his identity. If I understand correctly, a URL signed using OAuth can be accessed successfully only once, because of the oauth-nonce parameter. Or at least, it is

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-10 Thread Raffi Krikorian
The term most frequently used for “delegator” is “relying party.” What you call the service provider is most frequently called the “identity provider.” What you call the consumer is usually called the “subject.” See OpenID, InfoCard, and other similar specifications for example usage of these

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-09 Thread Michael Steuer
Hi Raffi, Very pleased that this went out... I've been pushing for this on this list for quite a while now... Let us know if you need any help in any way... As a side note - TweetPhoto has claimed on this list that they have some sort of oAuth delegation live?? I haven't played with it yet, but

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-09 Thread Raffi Krikorian
Very pleased that this went out... I've been pushing for this on this list for quite a while now... Let us know if you need any help in any way... i think the biggest thing is just to comment on it, or let me know that it makes sense. this is relatively easy for us to implement, but we

RE: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-09 Thread Brian Smith
In the example, would the user have to grant TwitPic access to his account? I would like to be able to assure TwitPic about the user's identity without the user having to grant TwitPic any read or read/write access to his account. Why does the delegator need to send the service provider

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-09 Thread Harshad RJ
I posted a response on the blog which I am copy-pasting here: If the intention is to just delegate identity, this can be achieved more easily with what is available today: The Consumer, prepares a verify-credentials HTTP request, signed with its OAuth token, and passes this URL to the

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

2010-02-09 Thread Raffi Krikorian
hi all. thanks so much for the conversation so far! it's been great. i've taken a bunch of the comments and incorporated them into a newer version http://mehack.com/a-proposal-for-delegation-in-oauth-identity-v-0 let's continue to tear this apart. On Tue, Feb 9, 2010 at 8:43 PM, Harshad RJ