There are some specific design mis-matches for OAuth as an authentication
protocol, it's not what it's designed for and there are some problems you will
run into. Some have used it as such, but it's not a good general solution.
-bill
________________________________
From: Paul Madsen <paul.mad...@gmail.com>
To: John Bradley <ve7...@ve7jtb.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Sent: Tuesday, February 5, 2013 1:12 PM
Subject: Re: [OAUTH-WG] Why OAuth it self is not an authentication framework ?
why pigeonhole it?
OAuth can be deployed with no authz semantics at all (or at least
as little as any authn mechanism), e.g client creds grant type
with no scopes
I agree that OAuth is not an *SSO* protocol.
On 2/5/13 3:36 PM, John Bradley wrote:
OAuth is an Authorization protocol as many of us have pointed out.
>
>
>The post is largely correct and based on one of mine.
>
>
>John B.
>
>
>On 2013-02-05, at 12:52 PM, Prabath Siriwardena <prab...@wso2.com> wrote:
>
>FYI and for your comments..
>>
>>
>>http://blog.facilelogin.com/2013/02/why-oauth-it-self-is-not-authentication.html
>>
>>
Thanks & Regards,
>>Prabath
>>
>>
>>Mobile : +94 71 809 6732
>>
>>http://blog.facilelogin.com/
>>http://rampartfaq.com/
_______________________________________________
>>OAuth mailing list
>>OAuth@ietf.org
>>https://www.ietf.org/mailman/listinfo/oauth
>>
>
>
>
>_______________________________________________
OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
