Building identity on top of OAuth 2.0?

David Recordon recordond at gmail.com
Sun May 16 06:31:51 UTC 2010


Thanks Joseph!

When proposing the User Info API (http://openidconnect.com/#API) I was
really looking to establish what the minimum requirements are to provide the
value that sites are asking for and be interoperable. It's pretty clear that
JSON is the correct format for this API versus XML or returning
HTML snippets.  Both Simple Registration and Attribute Exchange are schemas
which rely on OpenID 1.0/2.0 messages for syntax and neither have been
widely adopted.

>From there I started looking for profile APIs in JSON. Portable Contacts is
the leading technology, but is too isn't widely adopted today. OpenID,
OAuth, Twitter, and Facebook all use underscores in parameter names while
Portable Contacts uses camelCase. I thus decided to take the parameter names
in Portable Contacts – Joseph Smarr did a lot of research into good
internationalized names – and convert them from camel case. I also flattened
the lists since the API is meant to be minimal and simple, but extensible by
servers.

Thus displayName became display_name and name:firstName became first_name.

As I said on the site, I fully expect Portable Contacts, Activity Streams,
etc to be deployed with OpenID Connect and even have those sorts of APIs be
used more actively than the simple User Info API. By providing what's
required for interop and an OAuth token we're able to push innovation around
APIs out to other communities versus trying to make OpenID do everything
itself.

So all of that said, any suggestions of how the User Info API could do a
better job of reusing existing schemas?

Thanks,
--David


On Sat, May 15, 2010 at 11:12 PM, Joseph Holsten
<joseph at josephholsten.com>wrote:

> David Recordon wrote:
> > Basically moving us to where there's a true technology stack of TCP/IP ->
> HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome APIs). Not just
> modernizing the technology, but also focusing on solving a few of the key
> "product" issues we hear time and time again.
>
> I started a response, but it got into tldr territory, so I blahged instead.
> Briefly, let's not reinvent the user info wheel another time.
> http://blog.josephholsten.com/2010/05/your-new-new-web-identity/
> --
> http://josephholsten.com
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100515/787aa8ae/attachment.htm>


More information about the specs mailing list