[OpenID] OpenID Exchange

Martin Atkins mart at degeneration.co.uk
Mon Jan 15 19:07:11 UTC 2007

Simon Willison wrote:
> On 15 Jan 2007, at 08:08, Martin Atkins wrote:
>> OpenID Exchange[1] is a protocol for doing arbitrary HTTP requests
>> between two sites where the caller acts on behalf of the user and the
>> user gives that caller a one-time permission to perform the action.
> So it's basically a spec for doing with OpenID the kind of things  
> that Flickr's authentication API does? i.e. a mechanism for letting a  
> third party application make API calls on your behalf without having  
> to give them your full authentication details?
> http://flickr.com/services/api/auth.spec.html

After having a quick look at that I'd say yes, it is very similar.

They could in theory implement their "login link" thing over OpenID 
Exchange, and then proceed as normal with the returned "frob".

However, I'm more interested in generic, multi-platform APIs that allow 
a loosely-coupled client and server, however. The "Post to my Weblog" 
service is intended so that in theory any random site can post to any 
random weblog — regardless of weblog platform[1] — without needing any 
pre-existing relationship nor any of this "API Key" nonsense.


[1] Of course, the weblog platform will need to implement the "Post to 
my weblog" protocol!

More information about the general mailing list