On Wed, Dec 5, 2012 at 8:07 AM, Brian Campbell <span dir="ltr"><<a href="mailto:bcampbell@pingidentity.com" target="_blank">bcampbell@pingidentity.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
> You don't have interoperability with OAuth2.<br><div class="im">
<br>
</div>Please spare that hyperbole for personal blog posts attacking the<br>
evils of big corporate America. It's a crutch argument that's largely<br>
untrue and any interoperability problems that OAuth 2 might suffer are<br>
certainly not due to the conditional optionality of one request<br>
parameter.<br></blockquote><div><br>Calm down. It is absolutely the case that OAuth2, for all its virtues, does not give you interoperability in the sense that “If I protect my resources in an OAuth2 comformant way and you protect yours in an OAuth2 conformant way, then conformant client software will automatically work with both.” That kind of thing is true with HTTP, and with SMTP, and with lots of other ****P’s, but not remotely OAuth 2.0. I’m not even sure this is a problem, OAuth2 gives you a framework that you can build real interoperable protocols on, which I think OIDC is trying to be.<br>
<br>So, for OIDC, it is very valuable to remove as many as possible variations and at-the-discretion-of-the-server clauses, if there is to be a reasonable hope of good interoperability. Every “if” statement you force on implementers is a barrier to that. <br>
<br>For example: Send a redirect_uri with your auth request, then you don’t have to worry about breaking things when someone puts another redirect in the app registration to do some testing on their laptop. Seems like a no-brainer to me.<br>
<br>-T<br><br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</div></div></blockquote></div><br>