[OpenID] My 2 Cents to the OpenID foundation

Allen Tom atom at yahoo-inc.com
Thu Apr 2 18:28:46 UTC 2009


Martin Atkins wrote:
> Ad-hoc association seems redundant in OAuth preregistration scenarios 
> where a shared secret has already been established out-of-band. I'm 
> just prototyping right now, though... I just wanted to throw that out 
> there while we're on the subject.

The OAuth Consumer Key/Secret pair is pretty much equivalent to OpenID's 
Associatation Handle/Association.

That being said, there are many ways that OpenID and OAuth could be 
combined, but given that there's already a draft Hybrid spec floating 
around, I'd recommend that everyone just sticks with that, unless 
there's a reason not to.

Allen







More information about the general mailing list