[OpenID] OAuth SPs don't have to be your OpenID OP

santrajan santrajan at gmail.com
Sat Apr 4 04:34:43 UTC 2009


The problem is that we are not considering one aspect of the internet we have
seen over the years. The internet has an uncanny ability to sort out trust
issues on it own. Users learn which RP's to trust. Rp's learn which OP's to
trust. Maybe we should factor this into the thinking and move on instead of
getting bogged down by trust issues. 


Andrew Arnott wrote:
> 
>>
>> Why should OpenID support OAuth at all? OpenID can stand on its own. All
>> OpenID needs to do is address the concerns of RP's and users.
> 
> 
> Why?  Because in your own words "OpenID needs to ... address the concerns
> of
> RPs and users".  OAuth protects users, and aids RPs.  Yes, OpenID and
> OAuth
> can and do stand on their own.  But if they are to be used together, it
> can
> be confusing and cumbersome to users unless we work to streamline the
> process.
> 
> Pure and simple.
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> 
> 

-- 
View this message in context: http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22879987.html
Sent from the OpenID - General mailing list archive at Nabble.com.




More information about the general mailing list