[OpenID] OAuth SPs don't have to be your OpenID OP

santrajan santrajan at gmail.com
Sat Apr 4 15:23:46 UTC 2009


Exactly! To quote from that doc.
"The suggested approach involves two new systems that we refer to as the CDS
(Central Discovery Service) & PDS (Personal Discovery Service).  The only
job of the CDS is to indicate the location of the user's PDS. "

Something like this for OpenID.


Chris Messina wrote:
> 
> On Sat, Apr 4, 2009 at 10:57 AM, santrajan <santrajan at gmail.com> wrote:
> 
>>
>> Yes but the consumer registration is still required right? I mean it
>> wouldn't work without the OAuth key?
> 
> 
> Auto-registration is a possibility. It's not unlike the association that
> takes place in OpenID on the fly, to the best of my [limited] knowledge.
> 
> 
>> Regarding centralized discovery I was thinking of a centralized
>> repository for identities that will allow discovery and manage trust.
>>
> 
> You mean like Passport or Facebook? I'm not sure I understand what you're
> proposing. Centralization is against the model and design of the web
> (albeit, DNS is pretty much centralized discovery/resolution).
> 
> Have you read about the Personal Discovery Service?
> 
> http://sites.google.com/site/oauthgoog/Home/pds
> 
> Chris
> 
> 
> 
>>
>>
>> Chris Messina wrote:
>> >
>> > Nothing about OAuth prevents an ad-hoc approach to consumer
>> > registration and so it could be used in a more decentralized way — it's
>> > just unlikely given the control that SPs (service providers) desire.
>> > I'm confused by what you mean by "centralized discovery".
>> >
>> > In the model I've espoused, an individual asserts her identity provider
>> > to a relying party or consumer; the RP or consumer inspects the provided
>> > identity and through discovery, detects where certain types of services
>> > or an authentication provider are located. Depending on the present
>> > task, authentication, authorization or both will then occur.
>> >
>> > Identity, discovery, authentication, and authorization can be served by
>> > one or more substitutable providers. Relationships between each of these
>> > and consumers or relying parties are handled on a per-instance and
>> > revokable basis.
>> >
>> > At least that's the working model in my head.
>> >
>> > On Sat, Apr 4, 2009 at 9:43 AM, santrajan <santrajan at gmail.com> wrote:
>> >
>> >>
>> >> But OAuth is not decentralised like OpenID. We need centralized
>> >> discovery and decentralized authentication. The centralised discovery
>> >> will take care of the trust part.
>> >>
>> >>
>> >> Chris Messina wrote:
>> >> >
>> >> > From a purely technological perspective, OpenID doesn't work in
>> >> > desktop clients or for APIs.
>> >> >
>> >> > This is one of the primary reasons OAuth came about: Magnolia and
>> >> > Twitter couldn't fully adopt OpenID without something for
>> >> > non-browser-based environments.
>> >> >
>> >> > OpenID & OAuth are complements, not competitors. Making them work
>> >> > together more seamlessly where possible is driven by interface
>> >> > convenience, not technological superiority.
>> >> >
>> >> > Chris
>> >> >
>> >> > On 4/3/09, santrajan <santrajan at gmail.com> wrote:
>> >> >>
>> >> >> Why should OpenID support OAuth at all? OpenID can stand on its
>> >> >> own. All OpenID needs to do is address the concerns of RPs and users.
>> >> >>
>> >> >
>> >> >
>> >>
>> >
>> >
>> >
>> >
>> >
>>
>>
> 
> 
> 
> -- 
> Chris Messina
> Citizen-Participant &
>  Open Web Advocate
> 
> factoryjoe.com // diso-project.org // vidoop.com
> This email is:   [ ] bloggable    [X] ask first   [ ] private
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> 
> 

-- 
View this message in context: http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22884519.html
Sent from the OpenID - General mailing list archive at Nabble.com.
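The discovery step Chris describes (the RP inspects the asserted identifier's document and locates the authentication provider and other services, each of which is substitutable) is shown here as an added example, not code from the thread or from any project it mentions: a minimal XRDS/Yadis service lookup in Python. The XRDS document, its endpoints and the PDS service type URI are constructed placeholders; the OpenID 2.0 signon type and the priority rule are from the OpenID spec.

```python
import xml.etree.ElementTree as ET

# Constructed XRDS (Yadis) document standing in for what an RP would fetch
# from the identifier a user asserts. All endpoints are placeholders; the
# "pds" service type is an assumed example, not a registered URI.
XRDS_DOC = """
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example.net/openid/endpoint</URI>
      <LocalID>https://op.example.net/users/alice</LocalID>
    </Service>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://backup-op.example.org/auth</URI>
    </Service>
    <Service>
      <Type>http://example.com/pds/1.0</Type>
      <URI>https://pds.example.com/alice</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""

XRD_NS = "{xri://$xrd*($v*2.0)}"
OPENID_SIGNON = "http://specs.openid.net/auth/2.0/signon"  # OpenID 2.0 claimed-identifier type


def discover_services(xrds_text, service_type):
    """Return (endpoint_uri, local_id) for every <Service> advertising
    service_type, ordered by XRDS priority: lowest number first, entries
    without a priority last. The RP tries them in that order, so the user's
    own document, not any central registry, decides which provider serves."""
    root = ET.fromstring(xrds_text)
    found = []
    for svc in root.iter(XRD_NS + "Service"):
        types = [t.text.strip() for t in svc.findall(XRD_NS + "Type") if t.text]
        if service_type not in types:
            continue
        uri = svc.find(XRD_NS + "URI")
        if uri is None or not uri.text:
            continue  # a service entry with no endpoint cannot be used
        local = svc.find(XRD_NS + "LocalID")
        local_id = local.text.strip() if local is not None and local.text else None
        prio = svc.get("priority")
        prio = int(prio) if prio is not None and prio.isdigit() else float("inf")
        found.append((prio, uri.text.strip(), local_id))
    found.sort(key=lambda entry: entry[0])
    return [(uri, local_id) for _, uri, local_id in found]
```

Looking up a different service type against the same document (the PDS entry here) is the "substitutable providers" point: the RP changes only the type URI it asks for, not where it looks.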