OAuth + OpenID

NISHITANI Masaki m-nishitani at nri.co.jp
Tue Dec 11 09:23:33 UTC 2007


Hi all.

Following the theme of OAuth and OpenID, discussed at
IIW 2007b, I have made up some brief diagrams as a sort of
self-brainstorming.

It is a shame for me not to have been able to join
that session at IIW, though according to the wiki page at
http://iiw.idcommons.net/index.php/OAuth_and_OpenID ,
it mainly covered the case where the SP (an OAuth term)
and the OP (an OpenID term) are the same.

Now the diagrams consist of -

Page 1; Ordinary OAuth sequence chart.
Page 2; Same for OpenID.
Page 3; Using OAuth and OpenID together,
	Consumer does not need authorization but access to
	user's data stored in SP, and SP uses OpenID for its
	authorization method.
Page 4; Superimposing OAuth and OpenID,
	SP and OP are the same and the consumer requires the user's
	data stored in the OP/SP and uses OpenID as well.

This is a starting point for me and now I am looking for any
other use case and trying to make myself clear.

Probably there are some chances to make the protocols
simpler. One case is to skip the association phase, using the
Consumer secret or RSA key of the consumer to verify the
consumer/RP.

I will be glad if I get comments.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenID_OAuth_Chart.pdf
Type: application/pdf
Size: 55502 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20071211/ffb7abb8/attachment-0002.pdf>

