[OpenID] OAuth SPs don't have to be your OpenID OP

Chris Messina chris.messina at gmail.com
Sat Apr 4 14:18:42 UTC 2009


Nothing about OAuth prevents an ad-hoc approach to consumer registration and
so it could be used in a more decentralized way — it's just unlikely given
the control that SPs (service providers) desire.

I'm confused by what you mean by "centralized discovery".

In the model I've espoused, an individual asserts her identity provider to a
relying party or consumer; the RP or consumer inspects the provided identity
and through discovery, detects where certain types of services or an
authentication provider are located. Depending on the present task,
authentication, authorization or both will then occur.

Identity, discovery, authentication, and authorization can be served by one
or more substitutable providers. Relationships between each of these and
consumers or relying parties are handled on a per-instance and revokable
basis.

At least that's the working model in my head.

On Sat, Apr 4, 2009 at 9:43 AM, santrajan <santrajan at gmail.com> wrote:

>
> But OAuth is not decentralised like OpenID. We need centralized discovery and
> decentralized authentication. The centralised discovery will take care of
> the trust part.
>
>
> Chris Messina wrote:
> >
> > From a purely technological perspective, OpenID doesn't work in
> > desktop clients or for APIs.
> >
> > This is one of the primary reasons OAuth came about: Magnolia and
> > Twitter couldn't fully adopt OpenID without something for
> > non-browser-based environments.
> >
> > OpenID & OAuth are complements, not competitors. Making them work
> > together more seamlessly where possible is driven by interface
> > convenience, not technological superiority.
> >
> > Chris
> >
> > On 4/3/09, santrajan <santrajan at gmail.com> wrote:
> >>
> >> Why should OpenID support OAuth at all? OpenID can stand on its own. All
> >> OpenID needs to do is address the concerns of RPs and users.
> >>
> >
> >
>



-- 
Chris Messina
Citizen-Participant &
 Open Web Advocate

factoryjoe.com // diso-project.org // vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private