[OpenID] OpenID Exchange
mart at degeneration.co.uk
Mon Jan 15 19:07:11 UTC 2007
Simon Willison wrote:
> On 15 Jan 2007, at 08:08, Martin Atkins wrote:
>> OpenID Exchange is a protocol for doing arbitrary HTTP requests
>> between two sites where the caller acts on behalf of the user and the
>> user gives that caller a one-time permission to perform the action.
> So it's basically a spec for doing with OpenID the kind of things
> that Flickr's authentication API does? i.e. a mechanism for letting a
> third party application make API calls on your behalf without having
> to give them your full authentication details?
After having a quick look at that I'd say yes, it is very similar.
They could in theory implement their "login link" thing over OpenID
Exchange, and then proceed as normal with the returned "frob".
However, I'm more interested in generic, multi-platform APIs that allow
a loosely-coupled client and server, however. The "Post to my Weblog"
service is intended so that in theory any random site can post to any
random weblog — regardless of weblog platform — without needing any
pre-existing relationship nor any of this "API Key" nonsense.
 Of course, the weblog platform will need to implement the "Post to
my weblog" protocol!
More information about the general