[OpenID] [oauth] Re: Replacing email verification with RSS 'push' feeds and OAuth

Martin Atkins mart at degeneration.co.uk
Wed Apr 8 16:23:54 UTC 2009

Terrell Russell wrote:
> On 4/8/09 12:33 AM, Martin Atkins wrote:
>> And with all that said, I would love to see a mechanism for my OpenID
>> provider to accept messages on my behalf. Years ago I specced out a
>> protocol simply called "Send a Message Protocol" which was intended to
>> solve this problem, but it was never migrated from the old OpenID wiki
>> and I don't know how to get to the old OpenID wiki. It was a pretty
>> straightforward protocol anyway, and now that OAuth is a standard (which
>> it wasn't at the time) it ought to be even simpler.
> Give thanks to Brewster...
> http://web.archive.org/web/20071022150209/wiki.openid.net/Send_A_Message_Protocol 

Excellent. Thanks for digging that up.

Now that I read over it again, I see that it was mostly focused on 
interactively sending messages between humans rather than services 
sending messages to humans, but at the highest level the protocol here 
is "use some kind of authentication to POST an email message to an HTTP 
endpoint", which means that OAuth could presumably be swapped in as an 
authentication mechanism, with your "messaging provider" as the SP and 
the sender as the "consumer".

More information about the general mailing list