---------- Forwarded message ----------
From: Santosh Rajan <[email protected]>
Date: Tue, Jun 8, 2010 at 6:35 PM
Subject: Re: [OpenID] Definition of OpenID
To: Andy Powell <[email protected]>
Cc: Nat Sakimura <[email protected]>, David Recordon <[email protected]>, "[email protected]" <[email protected]>

This is brilliant Andy, really brilliant. Thank you so much.

On Tue, Jun 8, 2010 at 6:02 PM, Andy Powell <[email protected]> wrote:

> I suspect we need at least two variants, one for a general audience and one more technically correct ;-).
>
> I find your proposed wording for OAuth (“*OAuth is a protocol that allows one to delegate the access authorization to a resource to a third party*”) somewhat problematic since it’s not overly clear what is being delegated to who? Tbh, I prefer the current wording at http://oauth.net/ (“*An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications*”) – I think there is a subtle distinction between ‘allowing authorization’ and ‘doing authorization’ which makes this wording OK.
>
> On that basis, how about something like the following:
>
> *General audience*
>
> OpenID allows you to use an existing website account to sign in to multiple other websites, without needing to create any new passwords.
>
> OAuth allows you to access a website using a desktop or web-based application, without needing to type the username and password for that website into the application.
>
> *Technical audience*
>
> OpenID is an open standard digital identity framework that allows attributes about an authenticated user to be passed from one website (the OpenID provider) to another (the relying party), usually for the purposes of authorizing access.
>
> OAuth is an open standard protocol that allows simple and secure API authorization from desktop and web-based applications.
>
> ??
>
> Andy
>
> --
> Andy Powell
> Research Programme Director
> Eduserv
> t: 01225 474319
> m: 07989 476710
> twitter: @andypowe11
> blog: efoundations.typepad.com
>
> www.eduserv.org.uk
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Nat Sakimura
> *Sent:* 08 June 2010 11:35
> *To:* David Recordon
> *Cc:* [email protected]
> *Subject:* Re: [OpenID] Definition of OpenID
>
> Would love to have a more readable rewrite.
>
> We should make an authoritative punch line that we can use it at many places, including wikipedia.
>
> =nat
>
> On Tue, Jun 8, 2010 at 4:40 PM, David Recordon <[email protected]> wrote:
>
> We wrote http://openid.net/get-an-openid/what-is-openid/ a year or two ago. It's far more of a product definition than a technical one, but supports what you wrote. Ever since we made OpenID 2.0 extensible and a combination of other technologies a few years ago it's been a framework.
>
> As you point out, OpenID has never done user authentication itself. Rather that's handled by cookies, passwords, tokens, certs, etc. OpenID does however perform authentication from the provider to the relying party once the user has authenticated and granted authorization.
>
> So yes, I agree with your definitions but would rewrite them and clarify the intended audience. (Unfortunately 1am isn't a good time for me to propose better wording.)
>
> --David
>
> On Tue, Jun 8, 2010 at 12:31 AM, Nat Sakimura <[email protected]> wrote:
> > Many people say that OpenID is for Authentication and OAuth is for Authorization.
> > This does not seem to be an accurate statement.
> > In fact, OpenID does not do the "authentication" in the narrow meaning and OAuth does not do the "authorization" in the narrow meaning.
> > More accurate characterization would be something like:
> > OpenID is a Digital Identity Framework that conveys the authorization decision and identity attributes/data of an authenticated identity from the identity provider (OpenID provider, OP) to a requesting party called relying party (RP).
> > OAuth is a protocol that allows one to delegate the access authorization to a resource to a third party. (<= need better wording.)
> > Any discussion?
> >
> > --
> > Nat Sakimura (=nat)
> > http://www.sakimura.org/en/
> > http://twitter.com/_nat_en
> >
> > _______________________________________________
> > general mailing list
> > [email protected]
> > http://lists.openid.net/mailman/listinfo/openid-general
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en

--
http://hi.im/santosh

_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
