An OAuth OpenID Extension
David Recordon
drecordon at sixapart.com
Mon Oct 22 20:54:50 UTC 2007
Hey all,
I know John did some work in September (http://extremeswank.com/
openid_trusted_auth.html and http://extremeswank.com/
openid_inline_auth.html). Both solve extremely important use-cases
and are becoming increasingly discussed especially with the advent of
OAuth. I'd really like to see how we can work to write an extension
to OpenID Authentication where the OpenID Provider is also the one
handling OAuth credentials. This would be useful in the inline
authentication use case as well as if we move to a deployment
scenario where the OAuth Provider is checking with the user's OpenID
Provider to verify OAuth signatures. Overtime I also think moving
OpenID to the OAuth signature mechanism would be beneficial, but I
think that is a longer conversation.
--David
More information about the specs
mailing list