Building identity on top of OAuth 2.0?

Ben Laurie benl at google.com
Wed May 19 09:25:39 UTC 2010


On 16 May 2010 00:57, David Recordon <recordond at gmail.com> wrote:

> The past few months I've had a bunch of one on one conversations with a lot
> of different people – including many of folks on this list – about ways to
> build a future version of OpenID on top of OAuth 2.0. Back in March when I
> wrote a draft of OAuth 2.0 I mentioned it as one of my future goals as well
> (http://daveman692.livejournal.com/349384.html).
>
> Basically moving us to where there's a true technology stack of TCP/IP ->
> HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome APIs). Not just
> modernizing the technology, but also focusing on solving a few of the key
> "product" issues we hear time and time again.
>
> I took the past few days to write down a lot of these ideas and glue them
> together. Talked with Chris Messina who thought it was an interesting idea
> and decided to dub it "OpenID Connect" (see
> http://factoryjoe.com/blog/2010/01/04/openid-connect/). And thanks to Eran
> Hammer-Lahav and Joseph Smarr for some help writing bits of it!
>
> So, a modest proposal that I hope gets the conversation going again.
> http://openidconnect.com/
>

If the goal is to get something as weak as possible without it instantly
collapsing around your ears, then this sounds like a great plan.

If, OTOH, you are interested in actually protecting peoples' identities,
then OAuth 2.0 doesn't seem like a great starting point.


>
> --David
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100519/71a0d2cd/attachment.htm>


More information about the specs mailing list