But no matter what, even with oAuth I will need to log in using a web browser at some point in order to get that key/secret combination, won't I? Unless there are providers that offer programmatic log in?<br><br>I have a feeling we are going to end up having to write something ourselves :S<br>
<br><br><div class="gmail_quote">On Thu, Oct 15, 2009 at 11:54 AM, John Bradley <span dir="ltr">&lt;<a href="mailto:ve7jtb@ve7jtb.com" target="_blank">ve7jtb@ve7jtb.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>You can have the user authenticate to the oAuth provider via openID if it is a condition of the grant:)<div><br></div><div>That may be the best way to do it anyway depending on how the app is configured.</div>
<div><br></div><div>John B.<div><div></div><div><br><div><div>On 2009-10-15, at 12:00 PM, Anthony Brassac wrote:</div><br><blockquote type="cite">Thanks all for your replies, oAuth looks like it could do it for us, however it seems management had agreed upon using OpenID (research grant related I think), so I'll have to see what gives. Anyway, I appreciate your support.<br>
<br><div class="gmail_quote">On Wed, Oct 14, 2009 at 1:47 AM, SitG Admin <span dir="ltr">&lt;<a href="mailto:sysadmin@shadowsinthegarden.com" target="_blank">sysadmin@shadowsinthegarden.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Users giving their passwords to RPs is what openID is trying to prevent.<br>
That is why passwords are not supported in the redirect.<br>
</blockquote>
<br></div>
Hmm . . . minor clarification here, though: users giving passwords *their passwords for the OP* (or otherwise transmitting "in the clear") is not compatible with OpenID.<br>
<br>
If the RP wants to ask for another password (one local to that system), e.g. for rarely invoked high levels of access, it *might* be compatible with OpenID (depends on the exact use, but isn't automatically NOT compatible).<br>
<br>
The description Anthony gave sounds vaguely like Kerberos (from the MIT dialogue), but my mind is stuffed full of other things right now and I get a bit of a headache just getting some meaning out of roughly half of it (the rest seems beyond me tonight).<br>
<br>
-Shade<div><div></div><div><br>
_______________________________________________<br>
security mailing list<br>
<a href="mailto:security@lists.openid.net" target="_blank">security@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-security" target="_blank">http://lists.openid.net/mailman/listinfo/openid-security</a><br>
</div></div></blockquote></div><br>
</blockquote></div><br></div></div></div></div></blockquote></div><br>