Would love to have a more readable rewrite. <div><br></div><div>We should make an authoritative punch line that we can use in many places, </div><div>including Wikipedia. </div><div><br></div><div>=nat</div><div><br><div class="gmail_quote">
On Tue, Jun 8, 2010 at 4:40 PM, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com">recordond@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
We wrote <a href="http://openid.net/get-an-openid/what-is-openid/" target="_blank">http://openid.net/get-an-openid/what-is-openid/</a> a year or two<br>
ago. It's far more of a product definition than a technical one, but<br>
supports what you wrote. Ever since we made OpenID 2.0 extensible and<br>
a combination of other technologies a few years ago it's been a<br>
framework.<br>
<br>
As you point out, OpenID has never done user authentication itself.<br>
Rather, that's handled by cookies, passwords, tokens, certs, etc.<br>
OpenID does however perform authentication from the provider to the<br>
relying party once the user has authenticated and granted<br>
authorization.<br>
<br>
So yes, I agree with your definitions but would rewrite them and<br>
clarify the intended audience. (Unfortunately 1am isn't a good time<br>
for me to propose better wording.)<br>
<br>
--David<br>
<div><div></div><div class="h5"><br>
<br>
On Tue, Jun 8, 2010 at 12:31 AM, Nat Sakimura <<a href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>> wrote:<br>
> Many people say that OpenID is for Authentication and OAuth is for<br>
> Authorization.<br>
> This does not seem to be an accurate statement.<br>
> In fact, OpenID does not do the "authentication" in the narrow meaning and<br>
> OAuth does not do the "authorization" in the narrow meaning.<br>
> A more accurate characterization would be something like:<br>
> OpenID is a Digital Identity Framework that conveys the authorization<br>
> decision and identity attributes/data of an authenticated identity from the<br>
> identity provider (OpenID provider, OP) to a requesting party called relying<br>
> party (RP).<br>
> OAuth is a protocol that allows one to delegate the access authorization to<br>
> a resource to a third party. (<= need better wording.)<br>
> Any discussion?<br>
><br>
> --<br>
> Nat Sakimura (=nat)<br>
> <a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><br>
> <a href="http://twitter.com/_nat_en" target="_blank">http://twitter.com/_nat_en</a><br>
><br>
</div></div>> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
><br>
><br>
</blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br><a href="http://twitter.com/_nat_en">http://twitter.com/_nat_en</a><br>
</div>