OpenID/OAuth hybrid - discovery
Manger, James H
James.H.Manger at team.telstra.com
Tue Nov 25 02:48:28 UTC 2008
>> Learning just that an OP supports the hybrid protocol
>> (without any indication of the associated protected resources)
>> seems to be of minimal value.
> Yes. However, when OAuth discovery happens (and the standardization
> effort is under way) it will much more than minimal value.
> Standardizing OAuth discovery is not in scope for this spec, but
> standardizing hybrid support indication is.
A future "OAuth discovery" could say:
"This SP supports the hybrid protocol with this OP http://..."
In this case section "5 Discovery" in the hybrid spec adds no value because the app already knows about the support.
Or a future "OAuth discovery" might not mention OpenID.
In this case section "5 Discovery" in the hybrid spec barely helps as there are no links between OP and SP.
>> James Manger
>> James.H.Manger at team.telstra.com
>> Identity and security team — Chief Technology Office — Telstra
More information about the specs
mailing list