On Feb 5, 2008 3:42 PM, Reinoud Elhorst <[EMAIL PROTECTED]> wrote: > Would this be for gadgets authenticating towards their "home sites" (so a > gadget of lastfm wanting to show data the user previously entered on > lastfm), or connecting to third party API's (let's say a fictional Slide > gadget wanting to retrieve private photo's from Flickr)
It depends how many different identity silos are involved. If a user's entire interaction with the 'home site' is through a single SNS, you don't really need OAuth. Signed fetch is enough for the home site to keep track of the user. If there are multiple SNS and you are trying to have all connect to the same account on the home site, full OAuth is useful. If the user has a separate login and password on the SNS vs the home site, full OAuth is useful. I haven't played with lastfm, but the Slide/Flickr use case sounds like OAuth to me. Cheers, Brian
