<div dir="ltr">Following the IIW session on this topic, we updated the spec in <a href="http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html" target="_blank">http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html</a> to address the issues that were raised. Especially, optimizing on how OAuth request token is handled, allowed to remove one full roundtrip!<br>
Would appreciate any feedback on the updated suggestion.<br><br>Thanks<br><br><div class="gmail_quote">On Mon, Nov 3, 2008 at 12:00 PM, <span dir="ltr"><<a href="mailto:specs-request@openid.net">specs-request@openid.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Send specs mailing list submissions to<br>
<a href="mailto:specs@openid.net">specs@openid.net</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://openid.net/mailman/listinfo/specs" target="_blank">http://openid.net/mailman/listinfo/specs</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:specs-request@openid.net">specs-request@openid.net</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:specs-owner@openid.net">specs-owner@openid.net</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of specs digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Proposal to create the OpenID OAuth Hybrid Working Group<br>
(Yariv Adan)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 3 Nov 2008 15:30:57 +0100<br>
From: Yariv Adan <<a href="mailto:yariv@google.com">yariv@google.com</a>><br>
Subject: Proposal to create the OpenID OAuth Hybrid Working Group<br>
To: <a href="mailto:specs@openid.net">specs@openid.net</a><br>
Message-ID:<br>
<<a href="mailto:7c1383150811030630r2eaf4e5fxdad6dfbd00cf9010@mail.gmail.com">7c1383150811030630r2eaf4e5fxdad6dfbd00cf9010@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
In accordance with the OpenID Foundation IPR policies and procedures<<br>
<a href="http://openid.net/foundation/intellectual-property/" target="_blank">http://openid.net/foundation/intellectual-property/</a> > this note proposes the<br>
formation of a new working group chartered to produce an OpenID<br>
specification.<br>
As per Section 4.1 of the Policies, the specifics of the proposed working<br>
group are:<br>
<br>
Background Information:<br>
OpenID has always been focused on how to enable user-authentication within<br>
the browser. Over the last year, OAuth has been developed to allow<br>
authorization either from within a browser, desktop software, or mobile<br>
devices. Obviously there has been interest in using OpenID and OAuth<br>
together allowing a user to share their identity as well as grant a Relying<br>
Party access to an OAuth protected resource in a single step. A small group<br>
of people have been working on developing an extension to OpenID which makes<br>
this possible in a collaborative fashion within<br>
<a href="http://code.google.com/p/step2/" target="_blank">http://code.google.com/p/step2/</a>. This small project includes a draft spec<br>
and Open Source implementations which the proposers would like to finalize<br>
within the OpenID Foundation.<br>
<br>
<br>
Working Group Name:<br>
OpenID OAuth Hybrid Working Group<br>
<br>
<br>
Purpose:<br>
Produce a standard OpenID extension to the OpenID Authentication protocol<br>
that provides a mechanism to embed an OAuth approval request into an OpenID<br>
authentication request to permit combined user approval. The extension<br>
addresses the use case where the OpenID Provider and OAuth Service Provider<br>
are the same service. To provide good user experience, it is important to<br>
present a combined authentication and authorization screen for the two<br>
protocols.<br>
<br>
<br>
Scope:<br>
Standardize the draft Hybrid Protocol (<br>
<a href="http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html" target="_blank">http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html</a>)<br>
as an official OpenID Extension describing how to combine an OpenID<br>
authentication request with the approval of an OAuth request token.<br>
<br>
<br>
Anticipated Contributions:<br>
Draft specification referenced above and various text contributions as more<br>
developers implement it.<br>
<br>
<br>
Proposed List of Specifications:<br>
OpenID OAuth Extension 1.0. Spec completion by Q4 2008.<br>
<br>
<br>
Anticipated audience or users of the work:<br>
- OpenID Providers and Relying Parties<br>
- OAuth Consumers and Service Providers<br>
- Implementers of OpenID Providers and Relying Parties<br>
<br>
<br>
Language in which the WG will conduct business:<br>
English.<br>
<br>
<br>
Method of work:<br>
E-mail discussions on the working group mailing list and working group<br>
conference calls.<br>
<br>
<br>
Basis for determining when the work of the WG is completed:<br>
The work will be completed once it is apparent that maximal consensus on the<br>
protocol proposal has been achieved within the working group, consistent<br>
with the purpose and scope.<br>
<br>
<br>
Proposers:<br>
- Ben Laurie, <a href="mailto:benl@google.com">benl@google.com</a>, Google<br>
- Breno de Medeiros, <a href="mailto:breno@google.com">breno@google.com</a>, Google<br>
- David Recordon, <a href="mailto:drecordon@sixapart.com">drecordon@sixapart.com</a>, Six Apart<br>
- Dirk Balfanz, <a href="mailto:balfanz@google.com">balfanz@google.com</a>, Google<br>
- Joseph Smarr, <a href="mailto:jsmarr@plaxo.com">jsmarr@plaxo.com</a>, Plaxo<br>
- Yariv Adan, <a href="mailto:yariv@google.com">yariv@google.com</a>, Google - Allen Tom, <a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a> ,<br>
Yahoo<br>
- Josh Hoyt, <a href="mailto:josh@janrain.com">josh@janrain.com</a> , JanRain<br>
<br>
<br>
Initial Editors:<br>
- Dirk Balfanz, <a href="mailto:balfanz@google.com">balfanz@google.com</a>, Google - Breno de Medeiros,<br>
<a href="mailto:breno@google.com">breno@google.com</a>, Google<br>
<br>
<br>
--<br>
Yariv Adan | Product Manager<br>
Google Switzerland GmbH | Identifikationsnummer: CH-020.4.028.116-1<br>
This e-mail is confidential. If you are not the right addressee please do<br>
not forward it, please inform the sender, and please erase this e-mail<br>
including any attachments. Thanks.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <a href="http://openid.net/pipermail/specs/attachments/20081103/21c48c00/attachment.html" target="_blank">http://openid.net/pipermail/specs/attachments/20081103/21c48c00/attachment.html</a><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@openid.net">specs@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/specs" target="_blank">http://openid.net/mailman/listinfo/specs</a><br>
<br>
<br>
End of specs Digest, Vol 27, Issue 3<br>
************************************<br>
</blockquote></div><br><br clear="all"><br>-- <br>Yariv Adan | Product Manager<br>Google Switzerland GmbH | Identifikationsnummer: CH-020.4.028.116-1<br>This e-mail is confidential. If you are not the right addressee please do not forward it, please inform the sender, and please erase this e-mail including any attachments. Thanks. <br>
</div>