[OpenID] OAuth SPs don't have to be your OpenID OP
dkearns at gmail.com
Sat Apr 4 04:48:42 UTC 2009
This is the funniest thing I've read throughout this inordinately obtuse
thread. Evidently you haven't heard about phishing, have you?
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net]On
> Behalf Of santrajan
> Sent: Friday, April 03, 2009 9:35 PM
> To: general at openid.net
> Subject: Re: [OpenID] OAuth SPs don't have to be your OpenID OP
> The problem is that we are not considering one aspect of the
> internet we have
> seen over the years. The internet has an uncanny ability to sort out trust
> issues on it own. Users learn which RP's to trust. Rp's learn
> which OP's to
> trust. Maybe we should factor this into the thinking and move on
> instead of
> getting bogged down by trust issues.
> Andrew Arnott wrote:
> >> Why should OpenID support OAuth at all? OpenID can stand on
> its own. All
> >> OpenID needs to do is address the concerns of RP's and users.
> > Why? Because in your own words "OpenID needs to ... address
> the concerns
> > of
> > RPs and users". OAuth protects users, and aids RPs. Yes, OpenID and
> > OAuth
> > can and do stand on their own. But if they are to be used together, it
> > can
> > be confusing and cumbersome to users unless we work to streamline the
> > process.
> > Pure and simple.
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> View this message in context:
Sent from the OpenID - General mailing list archive at Nabble.com.
general mailing list
general at openid.net
More information about the general