[OpenID] Verisign Announces Free OpenID Digital Lockbox
Martin Atkins
mart at degeneration.co.uk
Sat Feb 21 22:01:38 UTC 2009
Andrew Arnott wrote:
> I fear that the "beauty" of the OpenID/OAuth hybrid will end up making all
> SPs become OPs as well, thereby virtually defeating the promise of OpenID's
> single-sign-on.
Agreed.
We need a way to do hybrid when the OP and the SP are not the same
party, and ideally we need it sooner rather than later.
The OpenID/OAuth hybrid is a nice UX fix in the short term, but it is
not good if I'm forced to use a single provider for everything from
authentication to address books to calendars to whatever else we make
work with OAuth in future.
It also seems to me that the OpenID part of the OpenID/OAuth hybrid is
actually redundant in many scenarios. For example, if I'm connecting to
a PortableContacts endpoint using OAuth, the PortableContacts "self"
endpoint can in theory provide a superset of the information provided by
the OpenID transaction.
More information about the general
mailing list