<div class="gmail_quote">On Sat, Apr 4, 2009 at 10:57 AM, santrajan <span dir="ltr"><<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
Yes but the consumer registration is still required right? I mean it wouldn't<br>
work without the OAuth key?</blockquote><div><br></div><div>Auto-registration is a possibility. It's not unlike the association that takes place in OpenID on the fly, to the best of my [limited] knowledge.</div><div>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Regarding centralized discovery I was thinking of a centralized repository<br>
for identities that will allow discovery and manage trust.<br>
<div><div></div><div class="h5"></div></div></blockquote><div><br></div><div>You mean like Passport or Facebook? I'm not sure I understand what you're proposing. Centralization is against the model and design of the web (albeit, DNS is pretty much centralized discovery/resolution). </div>
<div><br></div><div>Have you read about the Personal Discovery Service?</div><div><br></div><div><a href="http://sites.google.com/site/oauthgoog/Home/pds">http://sites.google.com/site/oauthgoog/Home/pds</a></div><div><br>
</div><div>Chris</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div class="h5"><br>
<br>
Chris Messina wrote:<br>
><br>
> Nothing about OAuth prevents an ad-hoc approach to consumer registration and<br>
> so it could be used in a more decentralized way — it's just unlikely given<br>
> the control that SPs (service providers) desire.<br>
> I'm confused by what you mean by "centralized discovery".<br>
><br>
> In the model I've espoused, an individual asserts her identity provider to a<br>
> relying party or consumer; the RP or consumer inspects the provided identity<br>
> and through discovery, detects where certain types of services or an<br>
> authentication provider are located. Depending on the present task,<br>
> authentication, authorization or both will then occur.<br>
><br>
> Identity, discovery, authentication, and authorization can be served by one<br>
> or more substitutable providers. Relationships between each of these and<br>
> consumers or relying parties are handled on a per-instance and revokable<br>
> basis.<br>
><br>
> At least that's the working model in my head.<br>
><br>
> On Sat, Apr 4, 2009 at 9:43 AM, santrajan <<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>> wrote:<br>
><br>
>><br>
>> But OAuth is not decentralised like OpenId. We need centralized discovery and<br>
>> decentralized authentication. The centralised discovery will take care of<br>
>> the trust part.<br>
>><br>
>><br>
>> Chris Messina wrote:<br>
>> ><br>
>> > From a purely technological perspective, OpenID doesn't work in<br>
>> > desktop clients or for APIs.<br>
>> ><br>
>> > This is one of the primary reasons OAuth came about: Magnolia and<br>
>> > Twitter couldn't fully adopt OpenID without something for<br>
>> > non-browser-based environments.<br>
>> ><br>
>> > OpenID & OAuth are complements, not competitors. Making them work<br>
>> > together more seamlessly where possible is driven by interface<br>
>> > convenience, not technological superiority.<br>
>> ><br>
>> > Chris<br>
>> ><br>
>> > On 4/3/09, santrajan <<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>> wrote:<br>
>> >><br>
>> >> Why should OpenID support OAuth at all? OpenID can stand on its own. All<br>
>> >> OpenID needs to do is address the concerns of RP's and users.<br>
>> >><br>
>> ><br>
>> ><br>
>><br>
>> --<br>
>> View this message in context:<br>
>> <a href="http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22883548.html" target="_blank">http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22883548.html</a><br>
>> Sent from the OpenID - General mailing list archive at Nabble.com.<br>
>><br>
>> _______________________________________________<br>
>> general mailing list<br>
>> <a href="mailto:general@openid.net">general@openid.net</a><br>
>> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
>><br>
><br>
><br>
><br>
> --<br>
> Chris Messina<br>
> Citizen-Participant &<br>
> Open Web Advocate<br>
><br>
> <a href="http://factoryjoe.com" target="_blank">factoryjoe.com</a> // <a href="http://diso-project.org" target="_blank">diso-project.org</a> // <a href="http://vidoop.com" target="_blank">vidoop.com</a><br>
> This email is: [ ] bloggable [X] ask first [ ] private<br>
><br>
><br>
><br>
<br>
--<br>
</div></div>View this message in context: <a href="http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22884266.html" target="_blank">http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22884266.html</a><br>
<div><div></div><div class="h5">Sent from the OpenID - General mailing list archive at Nabble.com.<br>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Citizen-Participant &<br> Open Web Advocate<br><br><a href="http://factoryjoe.com">factoryjoe.com</a> // <a href="http://diso-project.org">diso-project.org</a> // <a href="http://vidoop.com">vidoop.com</a><br>
This email is: [ ] bloggable [X] ask first [ ] private<br>