[OpenID] My 2 Cents to the OpenID foundation

Peter Williams pwilliams at rapattoni.com
Thu Apr 2 18:41:41 UTC 2009

Seeing as there is no formality to that spec - in terms of process - id like to see those who are orchestrating it go one step further - have it cooperate with saml websso, too. Then, we are starting to see the kind of convergence that makes mass markets and mass adoption - as all the religion has been taken out of the technology.

Just a hint, from a (powerless) consumer of assertions.

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Martin Atkins
> Sent: Thursday, April 02, 2009 11:38 AM
> To: general at openid.net
> Subject: Re: [OpenID] My 2 Cents to the OpenID foundation
> Allen Tom wrote:
> > Martin Atkins wrote:
> >> Ad-hoc association seems redundant in OAuth preregistration
> scenarios
> >> where a shared secret has already been established out-of-band. I'm
> >> just prototyping right now, though... I just wanted to throw that
> out
> >> there while we're on the subject.
> >
> > The OAuth Consumer Key/Secret pair is pretty much equivalent to
> OpenID's
> > Associatation Handle/Association.
> >
> > That being said, there are many ways that OpenID and OAuth could be
> > combined, but given that there's already a draft Hybrid spec floating
> > around, I'd recommend that everyone just sticks with that, unless
> > there's a reason not to.
> >
> As I mentioned, I don't think this is a competing spec. It solves a
> different problem and just happens to also involve combining OpenID and
> OAuth. It could be argued that the existing Hybrid spec should be
> called
> something a bit clearer so it's more obvious what exactly it's
> combining.
> For example, "OpenID/OAuth Hybrid User Authorization".
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list