[OpenID] Definition of OpenID
Andy Powell
andy.powell at eduserv.org.uk
Tue Jun 8 12:32:19 UTC 2010
I suspect we need at least two variants, one for a general audience and one more technically correct ;-).
I find your proposed wording for OAuth ("OAuth is a protocol that allows one to delegate the access authorization to a resource to a third party") somewhat problematic since it's not overly clear what is being delegated to whom. Tbh, I prefer the current wording at http://oauth.net/ ("An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications") - I think there is a subtle distinction between 'allowing authorization' and 'doing authorization' which makes this wording OK.
On that basis, how about something like the following:

General audience

OpenID allows you to use an existing website account to sign in to multiple other websites, without needing to create any new passwords.

OAuth allows you to access a website using a desktop or web-based application, without needing to type the username and password for that website into the application.

Technical audience

OpenID is an open standard digital identity framework that allows attributes about an authenticated user to be passed from one website (the OpenID provider) to another (the relying party), usually for the purposes of authorizing access.

OAuth is an open standard protocol that allows simple and secure API authorization from desktop and web-based applications.

??
Andy
--
Andy Powell
Research Programme Director
Eduserv
t: 01225 474319
m: 07989 476710
twitter: @andypowe11
blog: efoundations.typepad.com
www.eduserv.org.uk
From: openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Nat Sakimura
Sent: 08 June 2010 11:35
To: David Recordon
Cc: openid-general at lists.openid.net
Subject: Re: [OpenID] Definition of OpenID
Would love to have a more readable rewrite.
We should make an authoritative punch line that we can use in many places,
including Wikipedia.
=nat
On Tue, Jun 8, 2010 at 4:40 PM, David Recordon <recordond at gmail.com> wrote:
We wrote http://openid.net/get-an-openid/what-is-openid/ a year or two
ago. It's far more of a product definition than a technical one, but
supports what you wrote. Ever since we made OpenID 2.0 extensible and
a combination of other technologies a few years ago it's been a
framework.
As you point out, OpenID has never done user authentication itself.
Rather that's handled by cookies, passwords, tokens, certs, etc.
OpenID does however perform authentication from the provider to the
relying party once the user has authenticated and granted
authorization.
So yes, I agree with your definitions but would rewrite them and
clarify the intended audience. (Unfortunately 1am isn't a good time
for me to propose better wording.)
--David
On Tue, Jun 8, 2010 at 12:31 AM, Nat Sakimura <sakimura at gmail.com> wrote:
> Many people say that OpenID is for Authentication and OAuth is for
> Authorization.
> This does not seem to be an accurate statement.
> In fact, OpenID does not do the "authentication" in the narrow meaning and
> OAuth does not do the "authorization" in the narrow meaning.
> A more accurate characterization would be something like:
> OpenID is a Digital Identity Framework that conveys the authorization
> decision and identity attributes/data of an authenticated identity from the
> identity provider (OpenID provider, OP) to a requesting party called relying
> party (RP).
> OAuth is a protocol that allows one to delegate the access authorization to
> a resource to a third party. (<= need better wording.)
> Any discussion?
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en