Should we solve the NxM problem, and if so, how do you propose we do that?

Warren Parad
Founder, CTO
Secure your user data with IAM authorization as a service. Implement Authress <https://authress.io/>.

On Wed, Feb 24, 2021 at 8:08 AM Bron Gondwana <br...@fastmailteam.com> wrote:

> On Wed, Feb 24, 2021, at 17:26, Jim Manico wrote:
>
> I think it’s important to point out that OAuth is not an authentication
> protocol. It’s for delegation. OAuth is one of the most mis-used protocols
> on the modern web. If you really want to support end users, a good place to
> start is to make it clear to developers what OAuth is really for so secure
> solutions are built as opposed to the dumpster fire that OAuth solutions
> have become today.
>
> https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does
>
> Which suggests that if the OAuth solutions deployed today are dumpster
> fires, then ... well, that's what OAuth 2 does.
>
> My biggest problem with OAuth as an outsider is that it doesn't solve the
> NxM problem. You can't build a client which can OAuth against any
> arbitrary OAuth service that provides a standard protocol, because you need
> to get an API key for your particular application from each service
> provider. This just doesn't scale, which is a large part of Phillip's
> complaint as well.
>
> Of course, I came into the IETF having already read
> https://web.archive.org/web/20120731155632/http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
> - which was one of the things which made me wary of the IETF in the first
> place, and keen to not let everything I touched get over-complicated.
>
> Bron.
>
> --
> Bron Gondwana, CEO, Fastmail Pty Ltd
> br...@fastmailteam.com
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth