Hey Manuel,<div>You should keep working on what you started. While I hope to move quickly over the next few weeks and months on OpenID Connect, if you found something that will solve your problem today then you shouldn't wait.</div>
<div><br></div><div>--David</div><div><br><br><div class="gmail_quote">On Sun, May 16, 2010 at 9:03 PM, Manuel Lemos <span dir="ltr">&lt;<a href="mailto:mlemos@acm.org">mlemos@acm.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hello,<br>
<br>
With this thread of using OAuth 2 for identity, I am confused as to which<br>
protocol I should use for a single sign-on solution that I need to<br>
implement.<br>
<br>
Let me explain my case and see if anybody can clarify what is the best<br>
solution for me.<br>
<br>
I have one site, let's call it site A, that has many user accounts. I<br>
want to build another site, let's call it site B, but I do not want users<br>
with accounts in site A to create new accounts to access site B. They<br>
could just use the same account data from site A and use it in site B.<br>
In the future I may have sites C, D, etc.<br>
<br>
I thought of creating an OpenID authentication server, let's call it OP,<br>
and migrate user accounts from site A to OP. When users go to site A or B<br>
and need to login, they are redirected via OpenID to OP for authentication.<br>
<br>
If successful, OP passes site A or B the account, personal name, nick<br>
name and e-mail when redirecting back to sites A or B, so those sites<br>
always have copies of that account information for immediate use.<br>
<br>
If the user updates one of those details in site A or B, they push the<br>
changes to OP and OP propagates the changes to the other site A or B<br>
that also has the same user account.<br>
<br>
From the specifications that I read, OpenID and its extensions can be<br>
used the way I need.<br>
<br>
This will all be used only within my network sites. I do not intend to<br>
allow users to authenticate with external OpenID providers, nor do I want<br>
other sites to use my OpenID provider to authenticate in other sites.<br>
<br>
Since this is meant for use restricted to my sites, I could invent a<br>
proprietary protocol, but I thought it was better to not reinvent the wheel.<br>
<br>
I will develop all the necessary components to implement the OpenID<br>
provider and consumers with the needed extensions. Actually the consumer<br>
component is mostly done.<br>
<br>
I was moving to the OpenID provider component when I noticed this thread<br>
of using OAuth 2 for identity. So now I wonder if I am on the right<br>
path. Shall I keep doing it with OpenID or shall I do it with OAuth 2?<br>
Can anybody please shed some light so I can make the best decision?<br>
<br>
--<br>
<br>
Regards,<br>
Manuel Lemos<br>
<br>
</blockquote></div><br></div>