[OpenID] Definition of OpenID
Nat Sakimura
sakimura at gmail.com
Tue Jun 8 07:31:02 UTC 2010
Many people say that OpenID is for Authentication and OAuth is for
Authorization.
This does not seem to be an accurate statement.
In fact, OpenID does not do the "authentication" in the narrow meaning and
OAuth does not do the "authorization" in the narrow meaning.
A more accurate characterization would be something like:
OpenID is a Digital Identity Framework that conveys the authorization
decision and identity attributes/data of an authenticated identity from the
identity provider (OpenID provider, OP) to a requesting party called relying
party (RP).
OAuth is a protocol that allows one to delegate the access authorization to
a resource to a third party. (<= need better wording.)
Any discussion?
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en