Building identity on top of OAuth 2.0?
SitG Admin
sysadmin at shadowsinthegarden.com
Mon May 17 02:44:17 UTC 2010
>Shade wrote:
>> Neither the old nor the new is pleasant. It's just a different
>>kind of unpleasant, really.
>
>So have you got a decision criterion you think we should use to pick
>between them? Perhaps an alternative mechanism we could use instead?
Such as "lesser of two evils"? Lesser in which respect? My purpose in
pointing this out was simply awareness (let's remember that we used
to face this certain problem, and now we've changed the shape of it
but it is still, in essence, the same problem), and if anyone has a
3rd variation that removes this problem entirely then they'll be
nudged to come forward, but if not (and I doubt anyone will), let's
understand the limitations of the solution we're proposing to move to
(that it won't solve everything).
I'm not sure it *should* solve this particular problem, either; it
may be out of scope for OpenID, and MultiAuth (an application
thereof) may try to patch it.
-Shade
More information about the specs
mailing list