[OpenID] OAuth SPs don't have to be your OpenID OP

Chris Messina chris.messina at gmail.com
Sat Apr 4 15:01:42 UTC 2009


On Sat, Apr 4, 2009 at 10:57 AM, santrajan <santrajan at gmail.com> wrote:

>
> Yes but the consumer registration is still required right? I mean it
> wouldn't work without the OAuth key?


Auto-registration is a possibility. It's not unlike the association that
takes place in OpenID on the fly, to the best of my [limited] knowledge.


> Regarding centralized discovery I was thinking of a centralized repository
> for identities that will allow discovery and manage trust.
>

You mean like Passport or Facebook? I'm not sure I understand what you're
proposing. Centralization is against the model and design of the web
(albeit, DNS is pretty much centralized discovery/resolution).

Have you read about the Personal Discovery Service?

http://sites.google.com/site/oauthgoog/Home/pds

Chris



>
>
> Chris Messina wrote:
> >
> > Nothing about OAuth prevents an ad-hoc approach to consumer registration
> > and so it could be used in a more decentralized way — it's just unlikely
> > given the control that SPs (service providers) desire.
> > I'm confused by what you mean by "centralized discovery".
> >
> > In the model I've espoused, an individual asserts her identity provider
> > to a relying party or consumer; the RP or consumer inspects the provided
> > identity and through discovery, detects where certain types of services or
> > an authentication provider are located. Depending on the present task,
> > authentication, authorization or both will then occur.
> >
> > Identity, discovery, authentication, and authorization can be served by
> > one or more substitutable providers. Relationships between each of these
> > and consumers or relying parties are handled on a per-instance and
> > revokable basis.
> >
> > At least that's the working model in my head.
> >
> > On Sat, Apr 4, 2009 at 9:43 AM, santrajan <santrajan at gmail.com> wrote:
> >
> >>
> >> But OAuth is not decentralised like OpenID. We need centralized discovery
> >> and decentralized authentication. The centralised discovery will take
> >> care of the trust part.
> >>
> >>
> >> Chris Messina wrote:
> >> >
> >> > From a purely technological perspective, OpenID doesn't work in
> >> > desktop clients or for APIs.
> >> >
> >> > This is one of the primary reasons OAuth came about: Magnolia and
> >> > Twitter couldn't fully adopt OpenID without something for
> >> > non-browser-based environments.
> >> >
> >> > OpenID & OAuth are complements, not competitors. Making them work
> >> > together more seamlessly where possible is driven by interface
> >> > convenience, not technological superiority.
> >> >
> >> > Chris
> >> >
> >> > On 4/3/09, santrajan <santrajan at gmail.com> wrote:
> >> >>
> >> >> Why should OpenID support OAuth at all? OpenID can stand on its own.
> >> >> All OpenID needs to do is address the concerns of RPs and users.
> >> >>
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >> http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22883548.html
> >> Sent from the OpenID - General mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net
> >> http://openid.net/mailman/listinfo/general
> >>
> >
> >
> >
> > --
> > Chris Messina
> > Citizen-Participant &
> >  Open Web Advocate
> >
> > factoryjoe.com // diso-project.org // vidoop.com
> > This email is:   [ ] bloggable    [X] ask first   [ ] private
> >
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22884266.html
> Sent from the OpenID - General mailing list archive at Nabble.com.
>
>



-- 
Chris Messina
Citizen-Participant &
 Open Web Advocate

factoryjoe.com // diso-project.org // vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private