[OpenID] Verisign Announces Free OpenID Digital Lockbox

Andrew Arnott andrewarnott at gmail.com
Sat Feb 21 23:38:09 UTC 2009 

Hi Shade,

The 'hybrid' term used here is of an OpenID authentication protocol with an
OAuth extension that allows the user to be authenticated to an OP while also
asking the OP, doubling as an SP, for permission to access the user's data.
It was demoed between Plaxo and Gmail with huge success and it's a great
user experience... assuming you want Gmail to be your OP, and assuming the
data the RP wants to access is hosted by Google.

You're right, the OP and SP are not the same party given the specifications
as they stand today.  But the hybrid specification (in draft, and I haven't
read it) seems to have only been applied to scenarios where the SP and OP
are the same party.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire


On Sat, Feb 21, 2009 at 3:34 PM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:

>  We need a way to do hybrid when the OP and the SP are not the same party,
>> and ideally we need it sooner rather than later.
>>
>
> I've just done a lot of reading about OAuth, and I have a better
> understanding now of what it is, but I still don't understand what you mean
> by "do hybrid". I see that "SP" means "site that has my data" (not
> necessarily the site that's authenticating me to the RP), but I'm hesitant
> to assume a particular meaning of "hybrid". Can you elaborate here?
>
> The OpenID/OAuth hybrid is a nice UX fix in the short term, but it is not
>> good if I'm forced to use a single provider for everything from
>> authentication to address books to calendars to whatever else we make work
>> with OAuth in future.
>>
>
> Also, how is the hybrid setup forcing users to have a single provider? (And
> are we speaking of OpenID Providers, Service Providers, or the hybrid
> Providers?)
>
> -Shade
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090221/d2fed2ca/attachment-0002.htm>

More information about the general mailing list