[OpenID] Too many providers... and here's one reason
Dick Hardt
dick.hardt at gmail.com
Tue Sep 16 15:49:00 UTC 2008
On 15-Sep-08, at 6:06 PM, Andrew Arnott wrote:
> You know on second thought, perhaps OAuth is appropriate. The
> 'protected resource' in this case is my membership status. And
> while creating my account at the RP, I can check a box saying "you
> may check my membership at org xyz", which will cue the RP that it's
> worthwhile to redirect me to that site using OAuth to verify
> membership.
This works if the RP knows the address of where to check for
membership status. A more resilient and flexible model separates the
claim from where to get the claim so that the RP does not care where
the claim comes from, just that it got the claim.
Frankly, InfoCards solve your problem better then OAuth and OpenID
today.
-- Dick
More information about the general
mailing list