Eran Hammer-Lahav wrote: > Comparison with OpenID at this stage is not that relevant because while > OAuth protects real data and resources, OpenID at most reveal some silly > information about you (SREG). So it is ok to let the use decide how they > share some minimal set of data about them, read only, and without > updates. Not so much when you can access their electronic wallet... >
As a user I cannot grant access to my data to applications I trust if the application vendor has not made a business deal with the company that's hosting my data. I can't host my own data because OAuth is set up in such a way to require every combination of (consumer, provider) to be pre-registered out of band, and no application vendor is going to have pre-registered with my one-off, self-hosted data service. So I'm stuck. I can't force the application vendor to agree to the service provider's terms, and I can't provide my own service. What am I supposed to do? The "electronic wallet" example is a distraction because OAuth as deployed today is used for much less critical things like updating my location in FireEagle, or retrieving the data from my address book on GMail. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---