There is definitely a benefit to not having to roll a new implementation of key authorization for each provider. I'm not saying that OAuth serves no purpose at all.
I'm just saying that requiring a business relationship to exist between every consumer and every service provider is not conducive to creating an open marketplace where anyone can be a consumer and anyone can be a provider as we see with OpenID, and it can't scale beyond a few providers. So while code reuse is a good thing, I'd like to think we can achieve more than that. Allen Tom wrote: > Hi Martin, > > Not sure why you say that requiring pre-registration and having an open > stack are mutually exclusive. Are you saying that there's no benefit for > service providers to provide a standard interface to developers? > > Allen > > > Martin Atkins wrote: >> Allen Tom wrote: >>> >>> One problem with this approach is that many SPs like Yahoo and >>> MySpace will require developers to register their site to get a >>> Consumer Key. Given that the developer already has to manually get a >>> CK, there might not that much value in defining a workflow for >>> Consumers to discover the OAuth endpoints. >>> >> >> As long as this is true it will be impossible for such SPs to expose >> non-proprietary protocols like PortableContacts, so either these SPs >> will need to find a way to work without pre-registration or we'll all >> have to accept that the open stack is impossible and go find something >> more productive to do. >> > _______________________________________________ specs mailing list [email protected] http://openid.net/mailman/listinfo/specs
