[OpenID] My 2 Cents to the OpenID foundation
Martin Atkins
mart at degeneration.co.uk
Thu Apr 2 18:37:50 UTC 2009
Allen Tom wrote:
> Martin Atkins wrote:
>> Ad-hoc association seems redundant in OAuth preregistration scenarios
>> where a shared secret has already been established out-of-band. I'm
>> just prototyping right now, though... I just wanted to throw that out
>> there while we're on the subject.
>
> The OAuth Consumer Key/Secret pair is pretty much equivalent to OpenID's
> Associatation Handle/Association.
>
> That being said, there are many ways that OpenID and OAuth could be
> combined, but given that there's already a draft Hybrid spec floating
> around, I'd recommend that everyone just sticks with that, unless
> there's a reason not to.
>
As I mentioned, I don't think this is a competing spec. It solves a
different problem and just happens to also involve combining OpenID and
OAuth. It could be argued that the existing Hybrid spec should be called
something a bit clearer so it's more obvious what exactly it's combining.
For example, "OpenID/OAuth Hybrid User Authorization".
More information about the general
mailing list