Agreed. There's a bunch of interesting things that could be done to bring OpenID and OAuth closer together.
On Fri, Mar 26, 2010 at 7:15 PM, Ashish Jain <iti...@gmail.com> wrote:
> This is worth exploring further at the next OpenID Summit (assuming there is
> interest). RPs that we talk to have overlapping use cases and it's not fair
> to their developers to have completely independent SDKs (different signing
> mechanism, on boarding process etc).
> -Ashish
> > ---------------------------------------------------------------
> > Ashish Jain
> > Sr. Product Manager, PayPal Identity Services
> > email: ashish.j...@paypal.com
> > cell: 303-548-4325
> > skype: itickr
> > ---------------------------------------------------------------
>
> On Fri, Mar 26, 2010 at 7:16 PM, Robert Winch <rwi...@gmail.com> wrote:
>>
>> If you haven't seen this post, it may be of interest
>> http://hueniverse.com/2009/04/introducing-sign-in-with-twitter-oauth-style-connect/
>>
>> On Fri, Mar 26, 2010 at 5:20 PM, Paul Lindner <lind...@inuus.com> wrote:
>>>
>>> If a site has an api that returns a stable user identifier then OAuth can
>>> work fine as an SSO. I wouldn't go so far as to call it bastardized..
>>> The big difference between OpenID and OAuth is the idiom used. OpenID is
>>> designed to not require prior registration for use -- multiple relying
>>> parties and providers can interoperate using URLs and attribute exchange.
>>> With OAuth you need a consumer key/secret for your site, and the APIs for
>>> attribute exchange change from provider to provider.
>>>
>>> On Fri, Mar 26, 2010 at 1:39 PM, Chris Messina <chris.mess...@gmail.com>
>>> wrote:
>>>>
>>>> OAuth can be used as a bastardized mechanism to do SSO, but it's not
>>>> really recommended.
>>>> OAuth only provides you with tokens, which could later be revoked,
>>>> effectively destroying the identity that you're relying on.
>>>> OpenID is the preferred way to achieve SSO because it provides you with
>>>> a stable, reusable identifier.
>>>> Twitter uses OAuth for SSO, but it's really kind of a mis-use of the
>>>> technology, although in practice it kind of solves the problem.
>>>> Essentially OpenID provides you with identity; OAuth provides you
>>>> authorization to do things on behalf of a user. Since you're doing something
>>>> on behalf of a user, you get a kind of temporary identity to do stuff but
>>>> it's much more fragile than OpenID.
>>>> Why don't you want to do OpenID?
>>>> Chris
>>>>
>>>> On Fri, Mar 26, 2010 at 10:21 AM, Adam <apcau...@gmail.com> wrote:
>>>>>
>>>>> We currently use CAS for SSO. I'd like to have SSO into gmail, but do
>>>>> not want to switch to OpenID. Is it possible to use OAuth to login
>>>>> users into their gmail accounts? Or is OAuth only meant to retrieve
>>>>> user data?
>>>>>
>>>>> I am currently using SignPost to connect to OAuth... if it matters.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "OAuth" group.
>>>>> To post to this group, send email to oa...@googlegroups.com.
>>>>> To unsubscribe from this group, send email to
>>>>> oauth+unsubscr...@googlegroups.com.
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/oauth?hl=en.
>>>>>
>>>>
>>>> --
>>>> Chris Messina
>>>> Open Web Advocate, Google
>>>>
>>>> Personal: http://factoryjoe.com
>>>> Follow me on Buzz: http://buzz.google.com/chrismessina
>>>> ...or Twitter: http://twitter.com/chrismessina
>>>>
>>>> This email is: [ ] shareable [X] ask first [ ] private
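Added example, not part of the thread or of any provider's code: a relying party that signs users in through OAuth, keyed on the stable user identifier the provider's API returns rather than on the token, so that a revoked and re-issued token still resolves to the same local account. `FakeProvider`, `whoami()`, `RelyingParty` and the sample ids are hypothetical names constructed for the illustration.

```python
# Added illustration; FakeProvider, whoami() and the ids are hypothetical.
import secrets

class TokenRevoked(Exception):
    pass

class FakeProvider:
    """Stands in for a provider API that maps a token to a stable user id."""
    def __init__(self):
        self._tokens = {}  # access token -> stable user id
    def authorize(self, user_id):
        token = secrets.token_hex(8)
        self._tokens[token] = user_id
        return token
    def revoke(self, token):
        self._tokens.pop(token, None)
    def whoami(self, token):
        if token not in self._tokens:
            raise TokenRevoked("token no longer valid")
        return self._tokens[token]

class RelyingParty:
    def __init__(self, provider, name):
        self.provider, self.name = provider, name
        self.by_identifier = {}  # (provider name, stable id) -> local account
        self.by_token = {}       # naive mapping: token -> local account
    def login(self, token):
        # Identity comes from the stable identifier; the token is only proof.
        key = (self.name, self.provider.whoami(token))
        return self.by_identifier.setdefault(key, f"acct-{len(self.by_identifier) + 1}")
    def login_naive(self, token):
        # Treats the token itself as the identity, so re-authorization forks it.
        self.provider.whoami(token)
        return self.by_token.setdefault(token, f"naive-{len(self.by_token) + 1}")

def demo():
    provider = FakeProvider()
    rp = RelyingParty(provider, "example-provider")
    t1 = provider.authorize("user-1138")
    first, naive_first = rp.login(t1), rp.login_naive(t1)
    provider.revoke(t1)
    t2 = provider.authorize("user-1138")  # the user re-authorizes the site
    second, naive_second = rp.login(t2), rp.login_naive(t2)
    try:
        rp.login(t1)
        revoked_rejected = False
    except TokenRevoked:
        revoked_rejected = True
    return first == second, naive_first == naive_second, revoked_rejected
```

`demo()` returns three flags: the identifier-keyed account survives re-authorization, the token-keyed one does not, and the revoked token is rejected.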