Building identity on top of OAuth 2.0? (TAKE 2)
SitG Admin
sysadmin at shadowsinthegarden.com
Tue May 18 21:13:48 UTC 2010
>The spec is at http://bitbucket.org/openid/ab/
I don't understand how this is all working, but I do notice that the
user isn't relaying data anymore. Since private data should've been
encrypted in the first place, there's no real loss of letting the
user read their redirect string themselves before committing to it
(and how many users would even do that?), so I don't see any risks in
removing this step from the user's role.
-Shade