[OpenID] OAuth SPs don't have to be your OpenID OP
jernst+openid.net at netmesh.us
Sat Apr 4 06:00:35 UTC 2009
I wouldn't call it "attribute provider" because some of them clearly
serve much richer information than could ever reasonably be packed
into attribute lists.
And there should be a better term than "discovery provider", too --
it's more like the user-centric aggregation point, which offers that
aggregation as a service called discovery.
But architecturally spot on. At least I think so ;-)
On Apr 3, 2009, at 22:58, Nat wrote:
> Right. And I think we are approaching a time that we should stop
> thinking of an OP but Discovery provider, Authentication Provider,
> and Attribute Provider.
> =nat at TOKYO via iPhone
> On 2009/04/04, at 12:25, Andrew Arnott <andrewarnott at gmail.com> wrote:
>> Just a simple request: please keep in mind that your OP doesn't
>> have to be your OAuth SP as well.
>> It seems that every time OAuth is mentioned, it's "OpenID+OAuth"
>> where the OP is also your OAuth SP. Let's remember that unless
>> every site that has something to offer becomes an OP, not every
>> OAuth SP will be an OP. We should work to make the OAuth UX by
>> itself seemless for the user as well, particularly if the user logs
>> into both the consumer and the SP using the same OpenID.
>> Andrew Arnott
>> "I [may] not agree with what you have to say, but I'll defend to
>> the death your right to say it." - Voltaire
>> general mailing list
>> general at openid.net
> general mailing list
> general at openid.net
More information about the general