<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Santosh Rajan</b> <span dir="ltr"><<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>></span><br>
Date: Tue, Jun 8, 2010 at 6:35 PM<br>Subject: Re: [OpenID] Definition of OpenID<br>To: Andy Powell <<a href="mailto:andy.powell@eduserv.org.uk">andy.powell@eduserv.org.uk</a>><br>Cc: Nat Sakimura <<a href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>>, David Recordon <<a href="mailto:recordond@gmail.com">recordond@gmail.com</a>>, "<a href="mailto:openid-general@lists.openid.net">openid-general@lists.openid.net</a>" <<a href="mailto:openid-general@lists.openid.net">openid-general@lists.openid.net</a>><br>
<br><br>This is brilliant Andy, really brilliant. Thank you so much.<div><div></div><div class="h5"><br><br><div class="gmail_quote">On Tue, Jun 8, 2010 at 6:02 PM, Andy Powell <span dir="ltr"><<a href="mailto:andy.powell@eduserv.org.uk" target="_blank">andy.powell@eduserv.org.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-GB" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:10.5pt">I
suspect we need at least two variants, one for a general audience and one more
technically correct ;-).</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">I
find your proposed wording for OAuth (“<i>OAuth is a protocol that allows
one to delegate the access authorization to a resource to a third party</i>”)
somewhat problematic since it’s not overly clear what is being delegated
to who? Tbh, I prefer the current wording at <a href="http://oauth.net/" target="_blank">http://oauth.net/</a>
(“<i>An open protocol to allow secure API authorization in a simple and
standard method from desktop and web applications</i>”) – I think
there is a subtle distinction between ‘allowing authorization’ and ‘doing
authorization’ which makes this wording OK.</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">On
that basis, how about something like the following:</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><b><span style="font-size:10.5pt">General
audience</span></b></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">OpenID
allows you to use an existing website account to sign in to multiple other
websites, without needing to create any new passwords.</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">OAuth
allows you to access a website using a desktop or web-based application,
without needing to type the username and password for that website into the
application.</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><b><span style="font-size:10.5pt">Technical
audience</span></b></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">OpenID
is an open standard digital identity framework that allows attributes about an
authenticated user to be passed from one website (the OpenID provider) to
another (the relying party), usually for the purposes of authorizing access.</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">OAuth
is an open standard protocol that allows simple and secure API authorization
from desktop and web-based applications.</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">??</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">Andy</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">--</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#7030A0">Andy Powell</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">Research
Programme Director</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#7030A0">Eduserv</span><span style="font-size:11.0pt"></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;color:#7030A0">t:</span><span style="font-size:10.5pt">
01225 474319</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;color:#7030A0">m:</span><span style="font-size:10.5pt">
07989 476710</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;color:#7030A0">twitter:</span><span style="font-size:10.5pt">
@andypowe11</span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;color:#7030A0">blog:</span><span style="font-size:10.5pt">
<a href="http://efoundations.typepad.com" target="_blank">efoundations.typepad.com</a></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"><a href="http://www.eduserv.org.uk" target="_blank">www.eduserv.org.uk</a> </span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt">From:</span></b><span lang="EN-US" style="font-size:10.0pt"> <a href="mailto:openid-general-bounces@lists.openid.net" target="_blank">openid-general-bounces@lists.openid.net</a>
[mailto:<a href="mailto:openid-general-bounces@lists.openid.net" target="_blank">openid-general-bounces@lists.openid.net</a>] <b>On Behalf Of </b>Nat
Sakimura<br>
<b>Sent:</b> 08 June 2010 11:35<br>
<b>To:</b> David Recordon<br>
<b>Cc:</b> <a href="mailto:openid-general@lists.openid.net" target="_blank">openid-general@lists.openid.net</a><br>
<b>Subject:</b> Re: [OpenID] Definition of OpenID</span></p>
</div><div><div></div><div>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Would love to have a more readable rewrite. </p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">We should make an authoritative punch line that we can use
in many places, </p>
</div>
<div>
<p class="MsoNormal">including Wikipedia. </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">=nat</p>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On Tue, Jun 8, 2010 at 4:40 PM, David Recordon <<a href="mailto:recordond@gmail.com" target="_blank">recordond@gmail.com</a>> wrote:</p>
<p class="MsoNormal">We wrote <a href="http://openid.net/get-an-openid/what-is-openid/" target="_blank">http://openid.net/get-an-openid/what-is-openid/</a>
a year or two<br>
ago. It's far more of a product definition than a technical one, but<br>
supports what you wrote. Ever since we made OpenID 2.0 extensible and<br>
a combination of other technologies a few years ago it's been a<br>
framework.<br>
<br>
As you point out, OpenID has never done user authentication itself.<br>
Rather that's handled by cookies, passwords, tokens, certs, etc.<br>
OpenID does however perform authentication from the provider to the<br>
relying party once the user has authenticated and granted<br>
authorization.<br>
<br>
So yes, I agree with your definitions but would rewrite them and<br>
clarify the intended audience. (Unfortunately 1am isn't a good time<br>
for me to propose better wording.)<br>
<br>
--David</p>
<div>
<div>
<p class="MsoNormal"><br>
<br>
On Tue, Jun 8, 2010 at 12:31 AM, Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>> wrote:<br>
> Many people say that OpenID is for Authentication and OAuth is for<br>
> Authorization.<br>
> This does not seem to be an accurate statement.<br>
> In fact, OpenID does not do the "authentication" in the narrow
meaning and<br>
> OAuth does not do the "authorization" in the narrow meaning.<br>
> A more accurate characterization would be something like:<br>
> OpenID is a Digital Identity Framework that conveys the authorization<br>
> decision and identity attributes/data of an authenticated identity from
the<br>
> identity provider (OpenID provider, OP) to a requesting party called
relying<br>
> party (RP).<br>
> OAuth is a protocol that allows one to delegate the access authorization
to<br>
> a resource to a third party. (<= need better wording.)<br>
> Any discussion?<br>
><br>
> --<br>
> Nat Sakimura (=nat)<br>
> <a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><br>
> <a href="http://twitter.com/_nat_en" target="_blank">http://twitter.com/_nat_en</a><br>
></p>
</div>
</div>
<p class="MsoNormal">> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@lists.openid.net" target="_blank">general@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
><br>
></p>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<br>
-- <br>
Nat Sakimura (=nat)<br>
<a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><br>
<a href="http://twitter.com/_nat_en" target="_blank">http://twitter.com/_nat_en</a></p>
</div>
</div></div></div>
</div>
<br></blockquote></div><br><br clear="all"><br>-- <br></div></div><a href="http://hi.im/santosh" target="_blank">http://hi.im/santosh</a><br><br><br>
</div>