[OpenID] My 2 Cents to the OpenID foundation

Martin Atkins mart at degeneration.co.uk
Thu Apr 2 18:37:50 UTC 2009


Allen Tom wrote:
> Martin Atkins wrote:
>> Ad-hoc association seems redundant in OAuth preregistration scenarios 
>> where a shared secret has already been established out-of-band. I'm 
>> just prototyping right now, though... I just wanted to throw that out 
>> there while we're on the subject.
> 
> The OAuth Consumer Key/Secret pair is pretty much equivalent to OpenID's 
> Associatation Handle/Association.
> 
> That being said, there are many ways that OpenID and OAuth could be 
> combined, but given that there's already a draft Hybrid spec floating 
> around, I'd recommend that everyone just sticks with that, unless 
> there's a reason not to.
> 

As I mentioned, I don't think this is a competing spec. It solves a 
different problem and just happens to also involve combining OpenID and 
OAuth. It could be argued that the existing Hybrid spec should be called 
something a bit clearer so it's more obvious what exactly it's combining.

For example, "OpenID/OAuth Hybrid User Authorization".






More information about the general mailing list