[OpenID] OAuth vs. AX
Johannes Ernst
jernst+openid.net at netmesh.us
Sat Apr 4 03:57:19 UTC 2009
This is the old "Push vs. Pull" debate for which there are mountains
of discussion in the archives of this very mailing list.
To agree with you, I still think that there's a reason the web is all
"get" and almost never "push". Even "push" technologies such as RSS
are really pull under the hood.
Which is why LID was designed even 4+ years back to be always pull.
Perhaps time to remind people of it ...
E.g.
http://lid.netmesh.org/wiki/LID_2.0_Traversal_Service
In LID, an HTTP GET request according to this approach is signed
either with a GPG signature, or with the OpenID authentication
signature. Could be OAuth, too.
On Apr 3, 2009, at 20:17, Andrew Arnott wrote:
> AX has this push mechanism that allows OPs to notify RPs when
> attribute values have changed. I've never heard of this being
> used. RPs probably do want to know when their user's data has
> changed, but AX push is too scary, too poorly supported, or something.
>
> But what if we took a different approach. What if instead of AX, we
> used OAuth. Follow me on this.
>
> Send an OAuth request for permissions to a user's email address,
> rather than an AX request for the email address itself. Then the RP
> can request the user's email address whenever it wants it, whether
> or not the user is currently authenticating.
>
> What does this buy you? Ok, not a lot. But it's an interesting use
> case for OAuth that I think we should consider.
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the
> death your right to say it." - Voltaire
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 977 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090403/113d2803/attachment-0004.gif>
-------------- next part --------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090403/113d2803/attachment-0005.gif>
-------------- next part --------------
http://netmesh.info/jernst
More information about the general
mailing list