<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">When talking about "identity on top of OAuth 2" we now talk about OpenID Connect.<div><br></div><div>Who has looked at the OpenID Artifact binding by Nat who also builds on top of OAuth 2?</div><div><br></div><div>The spec is at <a href="http://www.sakimura.org/specs/ab/">http://www.sakimura.org/specs/ab/</a> It already tackles a lot of thing who are in the charter Dick compiled yesterday at the IIW.</div><div><br></div><div><br><div><div>Op 19 mei 2010, om 16:46 heeft Chris Messina het volgende geschreven:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div bgcolor="#FFFFFF"><div>Can you please expand on and be more specific about what you mean by this:</div><div><br></div><div>" If, OTOH, you are interested in actually <span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.273438); -webkit-composition-fill-color: rgba(175, 192, 227, 0.207031); -webkit-composition-frame-color: rgba(77, 128, 180, 0.207031); ">protecting peoples' identities<span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.28125); -webkit-composition-fill-color: rgba(175, 192, 227, 0.214844); -webkit-composition-frame-color: rgba(77, 128, 180, 0.214844); ">, then OAuth 2.0 doesn't seem like a great starting point."</span></span></div><div><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.28125); -webkit-composition-fill-color: rgba(175, 192, 227, 0.214844); -webkit-composition-frame-color: rgba(77, 128, 180, 0.214844);"><br></span></div><div><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.285156); -webkit-composition-fill-color: rgba(175, 192, 227, 0.21875); -webkit-composition-frame-color: rgba(77, 128, 180, 0.21875);">What would be a better starting point? And what does it mean to "<span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.273438); -webkit-composition-fill-color: rgba(175, 192, 227, 0.207031); -webkit-composition-frame-color: rgba(77, 128, 180, 0.207031); ">protect peoples' identities" in your thinking?<span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.277344); -webkit-composition-fill-color: rgba(175, 192, 227, 0.210938); -webkit-composition-frame-color: rgba(77, 128, 180, 0.210938); "></span></span></span></div><div><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.273438); -webkit-composition-fill-color: rgba(175, 192, 227, 0.207031); -webkit-composition-frame-color: rgba(77, 128, 180, 0.207031);"><br></span></div><div><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.285156); -webkit-composition-fill-color: rgba(175, 192, 227, 0.21875); -webkit-composition-frame-color: rgba(77, 128, 180, 0.21875);"><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.273438); -webkit-composition-fill-color: rgba(175, 192, 227, 0.207031); -webkit-composition-frame-color: rgba(77, 128, 180, 0.207031); "><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.277344); -webkit-composition-fill-color: rgba(175, 192, 227, 0.210938); -webkit-composition-frame-color: rgba(77, 128, 180, 0.210938); ">Thanks,</span></span></span></div><div><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.273438); -webkit-composition-fill-color: rgba(175, 192, 227, 0.207031); -webkit-composition-frame-color: rgba(77, 128, 180, 0.207031);"><br></span></div><div><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.285156); -webkit-composition-fill-color: rgba(175, 192, 227, 0.21875); -webkit-composition-frame-color: rgba(77, 128, 180, 0.21875);"><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.273438); -webkit-composition-fill-color: rgba(175, 192, 227, 0.207031); -webkit-composition-frame-color: rgba(77, 128, 180, 0.207031); "><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.277344); -webkit-composition-fill-color: rgba(175, 192, 227, 0.210938); -webkit-composition-frame-color: rgba(77, 128, 180, 0.210938); ">Chris </span></span></span></div><div><br>Sent from my iPhone 2G</div><div><br>On May 19, 2010, at 2:25 AM, Ben Laurie <<a href="mailto:benl@google.com">benl@google.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div><br><br><div class="gmail_quote">On 16 May 2010 00:57, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com"></a><a href="mailto:recordond@gmail.com">recordond@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
The past few months I've had a bunch of one on one conversations with a lot of different people – including many of folks on this list – about ways to build a future version of OpenID on top of OAuth 2.0. Back in March when I wrote a draft of OAuth 2.0 I mentioned it as one of my future goals as well (<a href="http://daveman692.livejournal.com/349384.html" target="_blank"></a><a href="http://daveman692.livejournal.com/349384.html">http://daveman692.livejournal.com/349384.html</a>).<div>
<br></div><div>Basically moving us to where there's a true technology stack of TCP/IP -> HTTP -> SSL -> OAuth 2.0 -> OpenID -> (all sorts of awesome APIs). Not just modernizing the technology, but also focusing on solving a few of the key "product" issues we hear time and time again.<div>
<br></div><div>I took the past few days to write down a lot of these ideas and glue them together. Talked with Chris Messina who thought it was an interesting idea and decided to dub it "OpenID Connect" (see <a href="http://factoryjoe.com/blog/2010/01/04/openid-connect/" target="_blank"></a><a href="http://factoryjoe.com/blog/2010/01/04/openid-connect/">http://factoryjoe.com/blog/2010/01/04/openid-connect/</a>). And thanks to Eran Hammer-Lahav and Joseph Smarr for some help writing bits of it!</div>
<div><br></div><div>So, a modest proposal that I hope gets the conversation going again. <a href="http://openidconnect.com/" target="_blank"></a><a href="http://openidconnect.com/">http://openidconnect.com/</a></div></div></blockquote><div><br></div><div>If the goal is to get something as weak as possible without it instantly collapsing around your ears, then this sounds like a great plan.</div>
<div><br></div><div>If, OTOH, you are interested in actually protecting peoples' identities, then OAuth 2.0 doesn't seem like a great starting point.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div><div><br></div><font color="#888888"><div>--David</div></font></div></div>
<br>_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net"></a><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
<br></blockquote></div><br>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>specs mailing list</span><br><span><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a></span><br><span><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></span><br></div></blockquote></div>_______________________________________________<br>specs mailing list<br><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>http://lists.openid.net/mailman/listinfo/openid-specs<br></blockquote></div><br></div></body></html>