Eran Hammer-Lahav wrote:
> Comparison with OpenID at this stage is not that relevant because while 
> OAuth protects real data and resources, OpenID at most reveals some silly 
> information about you (SREG). So it is ok to let the user decide how they 
> share some minimal set of data about them, read only, and without 
> updates. Not so much when you can access their electronic wallet...
> 

As a user I cannot grant access to my data to applications I trust if 
the application vendor has not made a business deal with the company 
that's hosting my data.

I can't host my own data because OAuth is set up in such a way to 
require every combination of (consumer, provider) to be pre-registered 
out of band, and no application vendor is going to have pre-registered 
with my one-off, self-hosted data service.

So I'm stuck. I can't force the application vendor to agree to the 
service provider's terms, and I can't provide my own service. What am I 
supposed to do?

The "electronic wallet" example is a distraction because OAuth as 
deployed today is used for much less critical things like updating my 
location in FireEagle, or retrieving the data from my address book on GMail.

