OpenID/Oauth hybrid [was Re: specs Digest, Vol 27, Issue 3]
mart at degeneration.co.uk
Wed Nov 19 21:02:30 UTC 2008
There is definitely a benefit to not having to roll a new implementation
of key authorization for each provider. I'm not saying that OAuth serves
no purpose at all.
I'm just saying that requiring a business relationship to exist between
every consumer and every service provider is not conducive to creating
an open marketplace where anyone can be a consumer and anyone can be a
provider as we see with OpenID, and it can't scale beyond a few providers.
So while code reuse is a good thing, I'd like to think we can achieve
more than that.
Allen Tom wrote:
> Hi Martin,
> Not sure why you say that requiring pre-registration and having an open
> stack are mutually exclusive. Are you saying that there's no benefit for
> service providers to provide a standard interface to developers?
> Martin Atkins wrote:
>> Allen Tom wrote:
>>> One problem with this approach is that many SPs like Yahoo and
>>> MySpace will require developers to register their site to get a
>>> Consumer Key. Given that the developer already has to manually get a
>>> CK, there might not that much value in defining a workflow for
>>> Consumers to discover the OAuth endpoints.
>> As long as this is true it will be impossible for such SPs to expose
>> non-proprietary protocols like PortableContacts, so either these SPs
>> will need to find a way to work without pre-registration or we'll all
>> have to accept that the open stack is impossible and go find something
>> more productive to do.
More information about the specs