[OpenID] OAuth vs. AX

Johannes Ernst jernst+openid.net at netmesh.us
Sat Apr 4 03:57:19 UTC 2009


This is the old "Push vs. Pull" debate for which there are mountains  
of discussion in the archives of this very mailing list.

To agree with you, I still think that there's a reason the web is all  
"get" and almost never "push". Even "push" technologies such as RSS  
are really pull under the hood.

Which is why LID was designed even 4+ years back to be always pull.  
Perhaps time to remind people of it ...

E.g.
	http://lid.netmesh.org/wiki/LID_2.0_Traversal_Service

In LID, an HTTP GET request according to this approach is signed  
either with a GPG signature, or with the OpenID authentication  
signature. Could be OAuth, too.





On Apr 3, 2009, at 20:17, Andrew Arnott wrote:

> AX has this push mechanism that allows OPs to notify RPs when  
> attribute values have changed.  I've never heard of this being  
> used.  RPs probably do want to know when their user's data has  
> changed, but AX push is too scary, too poorly supported, or something.
>
> But what if we took a different approach.  What if instead of AX, we  
> used OAuth.  Follow me on this.
>
> Send an OAuth request for permissions to a user's email address,  
> rather than an AX request for the email address itself.  Then the RP  
> can request the user's email address whenever it wants it, whether  
> or not the user is currently authenticating.
>
> What does this buy you?  Ok, not a lot.  But it's an interesting use  
> case for OAuth that I think we should consider.
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the  
> death your right to say it." - Voltaire
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general



Johannes Ernst
NetMesh Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 977 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090403/113d2803/attachment-0004.gif>
-------------- next part --------------
  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090403/113d2803/attachment-0005.gif>
-------------- next part --------------
  http://netmesh.info/jernst





More information about the general mailing list