Building identity on top of OAuth 2.0?
David Recordon
recordond at gmail.com
Sat May 15 23:57:17 UTC 2010
The past few months I've had a bunch of one on one conversations with a lot
of different people – including many of folks on this list – about ways to
build a future version of OpenID on top of OAuth 2.0. Back in March when I
wrote a draft of OAuth 2.0 I mentioned it as one of my future goals as well
(http://daveman692.livejournal.com/349384.html).
Basically moving us to where there's a true technology stack of TCP/IP ->
HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome APIs). Not just
modernizing the technology, but also focusing on solving a few of the key
"product" issues we hear time and time again.
I took the past few days to write down a lot of these ideas and glue them
together. Talked with Chris Messina who thought it was an interesting idea
and decided to dub it "OpenID Connect" (see
http://factoryjoe.com/blog/2010/01/04/openid-connect/). And thanks to Eran
Hammer-Lahav and Joseph Smarr for some help writing bits of it!
So, a modest proposal that I hope gets the conversation going again.
http://openidconnect.com/
--David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100515/4d60cd37/attachment.htm>
More information about the specs
mailing list