[OpenID] OAuth SPs don't have to be your OpenID OP
chris.messina at gmail.com
Sat Apr 4 15:50:07 UTC 2009
On Sat, Apr 4, 2009 at 11:23 AM, santrajan <santrajan at gmail.com> wrote:
> Exactly! To quote from that doc.
> "The suggested approach involves two new systems that we refer to as the
> (Central Discovery Service) & PDS (Personal Discovery Service). The only
> job of the CDS is to indicate the location of the user's PDS. "
> Something like this for OpenID.
Right. This was what we discussed at the OpenID Design Workshop — that such
a PDS system could hint to the browser what OP the current user uses — and
nothing more — to enable a generic "Sign in" button for the web w/o having
to support the Nascar screen of logo-buttons that will surely emerge with
the proliferation of directed identity and OPs.
> Chris Messina wrote:
> > On Sat, Apr 4, 2009 at 10:57 AM, santrajan <santrajan at gmail.com> wrote:
> >> Yes but the consumer registration is still required right? I mean it
> >> wouldn't
> >> work without the OAuth key?
> > Auto-registration is a possibility. It's not unlike the association that
> > takes place in OpenID on the fly, to the best of my [limited] knowledge.
> >> Regarding centralized discovery I was thinking of a centralized
> >> repository
> >> for identities that will allow discovery and manage trust.
> > You mean like Passport or Facebook? I'm not sure I understand what you're
> > proposing. Centralization is against the model and design of the web
> > (albeit, DNS is pretty much centralized discovery/resolution).
> > Have you read about the Personal Discovery Service?
> > http://sites.google.com/site/oauthgoog/Home/pds
> > Chris
Open Web Advocate
factoryjoe.com // diso-project.org // vidoop.com
This email is: [ ] bloggable [X] ask first [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the general