[OpenID] OAuth SPs don't have to be your OpenID OP
santrajan at gmail.com
Sat Apr 4 14:57:05 UTC 2009
Yes but the consumer registration is still required right? I mean it wouldn't
work without the OAuth key?
Regarding centralized discovery I was thinking of a centralized repository
for identities that will allow discovery and manage trust.
Chris Messina wrote:
> Nothing about OAuth prevents an ad-hoc approach to consumer registration
> so it could be used in a more decentralized way — it's just unlikely given
> the control that SPs (service providers) desire.
> I'm confused by what you mean by "centralized discovery".
> In the model I've espoused, an individual asserts her identity provider to
> relying party or consumer; the RP or consumer inspects the provided
> and through discovery, detects where certain types of services or an
> authentication provider are located. Depending on the present task,
> authentication, authorization or both will then occur.
> Identity, discovery, authentication, and authorization can be served by
> or more substitutable providers. Relationships between each of these and
> consumers or relying parties are handled on a per-instance and revokable
> At least that's the working model in my head.
> On Sat, Apr 4, 2009 at 9:43 AM, santrajan <santrajan at gmail.com> wrote:
>> But OAuth is not decentralised like OpenId. We need centralized discovery
>> decentralized authentication. The centralised discovery will take care of
>> the trust part.
>> Chris Messina wrote:
>> > From a purely technological perspective, OpenID doesn't work in
>> > desktoclients or for APIs.
>> > This is one of the primary reasons OAuth came about: Magnolia and
>> > Twitter couldn't fully adopt OpenID without something for
>> > non-browser-based environments.
>> > OpenID & OAuth are complements, not competitors. Making them work
>> > together more seamlessly where possible is driven by interface
>> > convenience, not technological superiority.
>> > Chris
>> > On 4/3/09, santrajan <santrajan at gmail.com> wrote:
>> >> Why should OpenID support OAuth at all? OpenID can stand on its own.
>> >> OpenID needs to do is address the concerns of RP's and users.
>> View this message in context:
>> Sent from the OpenID - General mailing list archive at Nabble.com.
>> general mailing list
>> general at openid.net
> Chris Messina
> Citizen-Participant &
> Open Web Advocate
> factoryjoe.com // diso-project.org // vidoop.com
> This email is: [ ] bloggable [X] ask first [ ] private
> general mailing list
> general at openid.net
View this message in context: http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22884266.html
Sent from the OpenID - General mailing list archive at Nabble.com.
More information about the general