[OpenID] OAuth SPs don't have to be your OpenID OP

Johannes Ernst jernst+openid.net at netmesh.us
Sat Apr 4 06:00:35 UTC 2009


+10.

I wouldn't call it "attribute provider" because some of them clearly  
serve much richer information than could ever reasonably be packed  
into attribute lists.
And there should be a better term than "discovery provider", too --  
it's more like the user-centric aggregation point, which offers that  
aggregation as a service called discovery.

But architecturally spot on. At least I think so ;-)



On Apr 3, 2009, at 22:58, Nat wrote:

> Right. And I think we are approaching a time that we should stop  
> thinking of an OP but Discovery provider, Authentication Provider,  
> and Attribute Provider.
>
> =nat at TOKYO via iPhone
>
> On 2009/04/04, at 12:25, Andrew Arnott <andrewarnott at gmail.com> wrote:
>
>> Just a simple request: please keep in mind that your OP doesn't  
>> have to be your OAuth SP as well.
>>
>> It seems that every time OAuth is mentioned, it's "OpenID+OAuth"  
>> where the OP is also your OAuth SP.  Let's remember that unless  
>> every site that has something to offer becomes an OP, not every  
>> OAuth SP will be an OP.  We should work to make the OAuth UX by  
>> itself seemless for the user as well, particularly if the user logs  
>> into both the consumer and the SP using the same OpenID.
>>
>> --
>> Andrew Arnott
>> "I [may] not agree with what you have to say, but I'll defend to  
>> the death your right to say it." - Voltaire
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general




More information about the general mailing list