Building identity on top of OAuth 2.0?

Chris Messina chris.messina at gmail.com
Wed May 19 14:46:33 UTC 2010


Can you please expand on and be more specific about what you mean by  
this:

"If, OTOH, you are interested in actually protecting peoples'
identities, then OAuth 2.0 doesn't seem like a great starting point."

What would be a better starting point? And what does it mean to  
"protect peoples' identities" in your thinking?

Thanks,

Chris

Sent from my iPhone 2G

On May 19, 2010, at 2:25 AM, Ben Laurie <benl at google.com> wrote:

>
>
> On 16 May 2010 00:57, David Recordon <recordond at gmail.com> wrote:
> The past few months I've had a bunch of one on one conversations
> with a lot of different people – including many of folks on this
> list – about ways to build a future version of OpenID on top of
> OAuth 2.0. Back in March when I wrote a draft of OAuth 2.0 I
> mentioned it as one of my future goals as well
> (http://daveman692.livejournal.com/349384.html).
>
> Basically moving us to where there's a true technology stack of
> TCP/IP -> HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome
> APIs). Not just modernizing the technology, but also focusing on
> solving a few of the key "product" issues we hear time and time again.
>
> I took the past few days to write down a lot of these ideas and glue
> them together. Talked with Chris Messina who thought it was an
> interesting idea and decided to dub it "OpenID Connect" (see
> http://factoryjoe.com/blog/2010/01/04/openid-connect/). And thanks to
> Eran Hammer-Lahav and Joseph Smarr for some help writing bits of it!
>
> So, a modest proposal that I hope gets the conversation going again. http://openidconnect.com/
>
> If the goal is to get something as weak as possible without it  
> instantly collapsing around your ears, then this sounds like a great  
> plan.
>
> If, OTOH, you are interested in actually protecting peoples'  
> identities, then OAuth 2.0 doesn't seem like a great starting point.
>
>
> --David
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs