a, North America
January 20th, 2011 - cutoff for all proposals.
January 27th, 2011 - present document for OpenSocial Board.
Thank You!
Paul Lindner
Former Opensocial Community Board member
VP Apache Shindig Project
--
Paul Lindner -- lind...@inuus.com -- linkedin.com/in/plindner
--
Chris Mes
scr...@googlegroups.com .
> For more options, visit this group at
> http://groups.google.com/group/oauth?hl=en.
>
>
--
Chris Messina
Open Web Advocate, Google
Personal: http://factoryjoe.com
Follow me on Buzz: http://buzz.google.com/chrismessina
...or Twitter: http://twitter.com/chrismessina
This ema
Adam wrote:
> I'd still like to know if there are any examples of SSO using OAuth to
> sign into gmail - I have found some examples for use with Twitter, but
> not Google.
>
> On Mar 29, 11:31 am, Adam wrote:
> > On Mar 26, 4:39 pm, Chris Messina wrote:
> >
> >
from provider to provider.
On Fri, Mar 26, 2010 at 1:39 PM, Chris Messina wrote:
OAuth can be used as a bastardized mechanism to do SSO, but it's not
really recommended.
OAuth only provides you with tokens, which could later be revoked,
effectively destroying the identity that
You could imagine the use case of a licensing server sitting separate
from the service provider that validates whether someone has the
proper rights to view certain content.
That's one possibility...
Sent from my iPhone 2G
On Feb 2, 2010, at 9:44 AM, Richard Barnes
wrote:
Blaine,
Cou
at edge case
that the browser's built-in protection system doesn't know about. Better is
to make sure the user has *some* kind of contextual clue — and if they trust
the client app anyway, then this is possibly about as good as we'll get with
the tech that we currently have.
Chris
Agreed. It's very important the user be given at least two pieces of
information:
* the URL where they're entering their password
* whether the connection is secure (i.e. using SSL)
Since you could spoof this information in your app, it's generally a
good idea to hand off to the local browser,
favorite is
>
> https://svn.iamcal.com/public/php/lib_oauth/lib_oauth.php
>
> It's a very tiny library which just handles signing but that's exactly
> what I need.
>
> >
>
--
Chris Messina
Open Web Advocate
Personal: http://factoryjoe.com
Follow me on Twitter:
ork to occur in the IETF
> OAuth WG.
> > >>
> > >> -- Dick
> > >> ___
> > >> OAuth mailing list
> > >> oa...@ietf.org
> > >>
Hello!
Which platform?
Sent from my iPhone 2G
On Nov 4, 2009, at 7:20, Anthony Broad-Crawford
wrote:
> I write as I am incorporating OAuth into our platform sometime late
> December or early January. That being said, I (and a few of my
> colleagues) will probably be more active on the li
eceive. Given my workload I will not be able to continue moderating this
> list in a timely manner. If other members are willing to volunteer, please
> let me know. We will add you as a group owner which will make you get these
> admin emails and approve messages.
> >
> > EH
le of google trend's data it is required to
> login to Google accounts.
> I try to use a script to download this info.. Do I need to use OAuth
> for that purpose or
> is it something else?
>
> Joel
>
> >
>
--
Chris Messina
Open Web Advocate
Personal: h
nSecret
> ());
>
>URL url = new URL("http://twitter.com/statuses/mentions.xml");
>HttpURLConnection request = (HttpURLConnection)
> url.openConnection();
>
>consumer.sign(request);
>
>System.out.println("Sending request to Twitter.
explains OAuth and provides sample HTML/Javascript code for
> people to dissect - this is so that contributors to our project have a
> good starting point to develop their code, I'll be *very* happy to
> give this back to the community!
>
> Cheers for responding :)
>
m Denmark last month and helped me understand OAuth, we
> created a simple setup that demonstrated all the features of the
> specification. Next week I'm revisiting the code and will be
> integrating it into our API!
>
> Massive thanks guys! Great forum, excellent concept, but most of
st of
> available libraries and reference implementations but shows the
> "Extension" page.
>
> Once reverted, please include liboauth for C and C++ in the list.
> src: http://oauth.googlecode.com/svn/code/c/liboauth/
> doc: http://liboauth.sourceforge.net/
>
> g
oauth/tree
> Gitorious mirror: http://gitorious.org/cl-oauth
>
> It currently supports HMAC-SHA1 authentication and comes with some SP
> convenience functions.
>
> It's not polished yet but comes with a basic test suite and all you
> need to set up both Consumers and Ser
Great!
http://groups.google.com/group/oauth-java/
Chris
On Thu, Aug 6, 2009 at 3:00 PM, javacat wrote:
>
> Thanks. I would certainly be interested. Cheers,
>
>
>
> On Aug 6, 2:57 pm, Chris Messina wrote:
> > We can make one if there's enough interest in havin
yesterday. It
> > seems like this group is a general OAuth discussion forum, but I'm
> > mainly interested in the Java library implementation. Is there a
> > specific group or mailing list for just the Java library?
> >
>
--
Chris Messina
Open Web Advoc
like to use link with parameters after '?' character. Why doesn't it
> work in 'favorite status' and 'unfavorite status'?
>
> I'm sorry for the offtopic. :)
>
> Mariusz
>
> >
>
--
Chris Messina
Open Web Advocate
Pers
> (assuming OAuth 1.0a with signed callback URLs)
>
> Thanks
> Paul
>
>
> >
>
--
Chris Messina
Open Web Advocate
Personal site: http://factoryjoe.com
Twitter: http://twitter.com/chrismessina
Diso Project: http://diso-project.org
OpenID Foundation: http
://en.oreilly.com/oscon2009/public/schedule/detail/8559>
Cheers,
Chris
--
Chris Messina
Open Web Advocate
Personal site: http://factoryjoe.com
Twitter: http://twitter.com/chrismessina
Diso Project: http://diso-project.org
OpenID Foundation: http://openid.net
This email is: [X] bloggable
site right now could easily be forgiven for
> thinking that the security issue has not yet been resolved, and even
> attempted.
>
> I'd thought both the message on the homepage and the security advisory
> itself would have been updated to show the progress made and current
>
> *To:* oauth@googlegroups.com
> *Subject:* [oauth] Re: OAuth Core 1.0 Rev A status
>
>
>
> Full new version with link to diff. I'll take care of it today.
>
>
>
> EHL
>
> On Jun 15, 2009, at 23:46, "Chris Messina"
> wrote:
>
> There is no
t there hasn't been any formal announcements
> or anything else.
>
> Thanks for the info,
> Rich
>
>
>
>
> >
>
--
Chris Messina
Open Web Advocate
Personal site: http://factoryjoe.com
Twitter: http://twitter.com/chrismessina
Diso Project: http://diso-p
anks to Will Norris for getting these changes in to core!
Chris
[1]
http://josephscott.org/archives/2009/06/wordpress-2-8-xml-rpc-and-atompub-changes/
--
Chris Messina
Open Web Advocate
Personal site: http://factoryjoe.com
Twitter: http://twitter.com/chrismessina
Diso Project: http://diso
his the best place to find documentation on this?
http://code.google.com/apis/gdata/articles/oauth.html
Chris
--
Chris Messina
Open Web Advocate
Personal site: http://factoryjoe.com
Twitter: http://twitter.com/chrismessina
Diso Project: http://diso-project.org
OpenID Foundation: http://open
pushes developers to move to OAuth (which I presume will include desktop and
mobile clients) we might see more feed readers adopt this model.
Chris
--
Chris Messina
Open Web Advocate
Website: http://factoryjoe.com
Blog: http://factoryjoe.com/blog
Twitter: http://twitter.com/chrismessin
>
> >
>
--
Chris Messina
Open Web Adv
to OAuth?
> I've seen an old thread about an IPR contribution license
> (
> http://groups.google.com/group/oauth/browse_thread/thread/c42aefc5abd9b059?pli=1
> )
> but it seems it has not yielded a final document. At least I can't see
> it anywhere on the site - or maybe
OAuth got discussed a bit:
>
> http://www.id-conf.com/blog/2009/05/06/another-interview/
> Lots more interviews of speakers and participants are here:
> http://www.youtube.com/user/kuppingercole
>
> Eve
>
> On May 6, 2009, at 10:13 PM, Chris Messina wrote:
>
> Thanks for
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - Voltaire
>
> >
>
--
Chris Messina
Open Web Advocate
factoryjoe.com // diso-project.org // openid.net // v
ervice.
> >
> > Now going to http://twitter.com/oauth takes you to an "Applications
> > Using Twitter" page instead of the twitter stream!
> >
> > Might want to take that up with them.
> >
>
> >
>
--
Chris Messina
Open Web Advocate
factoryjoe
e.it/
> [2] http://oauth.asemantics.com/hybrid/
> [3] http://myid.asemantics.com/
> [4] http://twitter.com/simonetripodi
>
> --
> http://www.google.com/profiles/simone.tripodi
>
> >
>
--
Chris Messina
Open Web Advocate
factoryj
Eve
>
> Eve Maler eve.maler @ sun.com
> Emerging Technologies Director    cell +1 425 345 6756
> Sun Microsystems Identity Software    www.xmlgrrl.com/blog
>
>
> >
>
--
Chris Messina
Open Web Advocate
fact
glegroups.com] On Behalf
> > Of Solberg Andreas Åkre
> > Sent: Thursday, April 30, 2009 12:51 AM
> > To: oauth@googlegroups.com
> > Subject: [oauth] Vulnerable token creation in PHP OAuth library
> >
> >
> > FYI
> >
> > https://rnd.feide.no/content/
n my application development in
> orkut environment. Are there any apps that already implemented REST and
> OAUTH?
>
>
> If yes, how can I do that? I already tried with PHP libraries but no
> use. It's throwing some errors (fatal errors).
>
> >
>
--
Chris Messina
Op
er community of practice's needs.
Chris
On Tue, Apr 28, 2009 at 12:13 AM, Luca Mearelli wrote:
>
> On Tue, Apr 28, 2009 at 7:42 AM, Chris Messina
> wrote:
> > Is OAuth this hard for everyone else?
> > http://kentbrewster.com/oauth-confessions/
>
> I think that
> 548 4th Street
>>
>> I'll try to get the conference call stuff working too - more about
>> this later.
>>
>> Sorry for the short notice! I'll try to summarize the meeting and get
>> the notes back in the mailing list or wiki.
>>
>> Le
Is OAuth this hard for everyone else?
http://kentbrewster.com/oauth-confessions/
*Sniff*.
Chris
--
Chris Messina
Open Web Advocate
factoryjoe.com // diso-project.org // openid.net // vidoop.com
This email is: [ ] bloggable [X] ask first [ ] private
Culver
> wrote:
> > OAuth Meetup
> > Tuesday, Apr 28th at 5pm
>
> I'd have liked to participate (via conf call) but it's 2AM here in Italy
> :-)
> so I'll try to contribute via the ML, thanks for organizing it
>
>
> Luca
>
> >
>
--
C
's work called ProtectServe:
http://www.xmlgrrl.com/blog/archives/2009/03/23/to-protect-and-to-serve/
http://www.xmlgrrl.com/blog/archives/2009/03/29/protectserve-getting-down-to-use-cases/
http://www.xmlgrrl.com/blog/archives/2009/04/02/protectserve-draft-protocol-flows/
http://www.xmlgrrl.com/blo
On Wed, Apr 22, 2009 at 10:48 PM, Luca Mearelli wrote:
>
> On Thu, Apr 23, 2009 at 7:37 AM, Chris Messina
> wrote:
> > To add to this perspective, OpenID is an assertion or identity protocol
> > whereas OAuth is designed as an access or authorization protocol.
> ...
ortfolio.
>>> >
>>> > > > > > > > First Question: Is www.stocktwits.com is good candidate for
>>> > > > > > > implementing OAuth as a consumer and twitter as a service
>>> provider?
>>> >
>>> > > > > > Yes definitely
, but at least I know
> those offer my users solid authentication and pass basic user attributes so
> I can make an account for them without a lot of trouble. Hopefully as people
> start to use these the most reliable, seamless experience will win and
> identity will settle around a few major
php
Oh, and it might interest some folks that there are interesting conversations
going on about Twitter's authorization interface:
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/0a1739326384dac6?pli=1
Chris
[1] http://tr.im/fj_openid_nascar
--
Chris Messina
rovider would enable a user to revoke her access tokens,
> > e.g. in case they're stolen.
>
> >
>
--
Chris Messina
Citizen-Participant &
Open Web Advocate
factoryjoe.com // diso-project.org // vidoop.com
This email is: [ ] bloggable [X] ask first [ ] private
est of the app: we
> > > currently check for a UT-specific secure cookie to serve restricted
> > > images (lack of the cookie simply causes us to send a thumbnail
> > > version). I'd much prefer a URL-based access scheme with a two-legged
> > > OAuth approach. This
ld have its own access token and token secret.
> The service provider would enable a user to revoke her access tokens,
> e.g. in case they're stolen.
>
> Users sharing a computer complicates things. Can other users of the
> computer access my credentials (and abuse them)? As a rule
2/protectserve-draft-protocol-flows/
Thanks,
Eve
Eve Maler eve.maler @ sun.com
Emerging Technologies Director    cell +1 425 345 6756
Sun Microsystems Identity Software    www.xmlgrrl.com/blog
--
Chris Messina
Citiz
separate lists when the
> audience is pretty much the same.
>
> Unless anyone objects, I will turn the extension list to read-only on
> Monday. The list will remain open for archive purposes.
>
> EHL
>
>
> >
>
--
Chris Messina
Citizen-Participant &
Open W
s achieves nothing
>> whatsoever.
>>
>> It can't be healthy to have lawyers who believe they have an effective
>> mechanism that is in fact completely ineffective.
>>
>>
>>
>>
>
> >
>
--
Chris Messina
Citizen-Participant &
Op
u&%40diffWrap=s&r1=2146&r2=2920&u=3&ignore=&k=
URL: http://www.xmpp.org/extensions/xep-0235.html
--
Peter Saint-Andre
https://stpeter.im/
--
Chris Messina
Citizen-Participant &
Open Web Advocate
factoryjoe.com // diso-project.org // vidoop.com
This
>
> >
> >
> > Nial wrote:
> > > This opens the question of whether or not to store my consumer key/
> > > secret within the widgets JS files or request them from a third-party
> > > server as and when the widget is initialized. If I were to do the
>
't necessarily get you better security — only better visibility into
how certain consumers are being used. Depending on your app, it might be
worth it. For most, it's probably not worth it.
Perhaps other people have more telling experiences/numbers?
Chris
--
Chris Messina
Citi
ration as a Proposed Standard
Nov 2009    Prepare milestone update to start new work within the scope of
the charter
___
oauth mailing list
oa...@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
--
Chris Messina
Citizen-Participant &
Open Web
te current practices in the
wild. I know that this kind of thing freaks us out:
http://www.flickr.com/photos/factoryjoe/3260710115/
...but it's clear that that's not the case for all developers.
Chris
--
Chris Messina
Citizen-Participant &
current examples, especially
in light of some of the recent feedback from Twitter devs [1][2].
Chris
[1] http://blog.atebits.com/2009/02/fixing-oauth/
[2] https://twitter.pbwiki.com/oauth-desktop-discussion
--
Chris Messina
Citizen-Participant &
Open Web Advocate-at-Large
factoryjoe.com #
e or
where the specs weren't clear. It would be great to get this feedback in one
place, and then write documentation to help others avoid similar pitfalls.
Feel free to use the respective wikis to document these issues.
Thanks!
Chris
--
Chris Messina
Citizen-Participant &
Open Web Advo
eneric
> |usage could make using OAuth in other areas somewhat more difficult
> |from a standards perspective.
> |
> |(I wasn't sure which list to ask this on - it seems somewhat more to
> |do with Core than the current discussions on the IETF list)
> |
> |
>
> >
"Correctness" can be ascertained solely from the
> presented token + presenter's identity. In that way the token can be issued
> by anyone at anytime.
>
> SAML and Kerberos anyone? ;)
I don't think that that's the behavior that we saw in the wild.
Perhaps it'
for your help, I really appreciate it (receiving a PhD is
> easier with the help of a community ;-) ). Greetings,
>
> Jorgito
> >
>
--
Chris Messina
Citizen-Participant &
Open Web Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email
n't.
>
> As for software asking for passwords, I believe this has a relatively
> narrow scope. For instance the AOL desktop client asking for the AOL
> password. I agree that we should move away from the current model where
> Facebook asks for the AOL password when finding friend
on).
>
> I realize that there are security issues with allowing a "client" or API
> based authentication mechanism, but there are certain cases where it
> provides a better user experience and the user is comfortable trusting
> the application/device.
>
> Thanks,
>
> used for the purpose.
> >
> > But it seems dangerous to extend OAuth to do authentication as well as
> > authorization. Better for OAuth to focus on doing one thing really
> > well.
> > >
> >
>
> >
>
--
Chris Messina
Citiz
p://www.ietf.org/mail-archive/
> web/oauth/current/msg5.html<http://www.ietf.org/mail-archive/web/oauth/current/msg5.html>>
> and it is very much still open and
> far from conclusion. If you have an interest or a stake in how OAuth
> might evolve, it is crucial that yo
es return a 503.
>>
>> Just a heads up in the hopes that someone reading will get it back up.
>>
>> Thanks
> >
>
--
Chris Messina
Citizen-Participant &
Open Web Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop
the general mailing list
> -fangel
>
> On Jan 15, 2009, at 9:17 AM, Chris Messina wrote:
>
> Hi Bruno,
> I've added you to the repository so you can commit this change.
> It's true that we haven't developed a good process for code review and
> submitting patches.
> read:
>>
>> $out ='Authorization: OAuth realm="' . $realm . '",';
>>
>> instead of
>>
>> $out ='"Authorization: OAuth realm="' . $realm . '",';
>>
>> (there's an extra dou
in this case, so it can respond appropriately?
>
> On Jan 2, 9:02 am, John Panzer wrote:
> > I thought this worked well in the Pownce demo last year. There does
> > seem to be controversy about its usability; if someone wants to try this
> > out and provide data on any issues t
ould also be welcome:)
>
> We have posted this in the "OpenSocial > Implementing OpenSocial
> Containers" groups as well.
>
> >
>
--
Chris Messina
Citizen-Participant &
Open Web Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
y right now.
Right now I'd love to hear any feedback on this. There are a couple
of phpUnit tests to see how the pieces fit together. Does this seem
like a logical approach to this problem? Am I overlooking anything
really big?
Thanks,
Will
--
Chris Messina
Citizen-Participant &
ive-c/subscribe
Chris
--
Chris Messina
Citizen-Participant &
Open Web Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is: [ ] bloggable [X] ask first [ ] private
to identify the user if they've already logged on
> previously?
>
> >
>
--
Chris Messina
Citizen-Participant &
Open Web Advocate-at-Large
Vote in the OpenID Board Election!
http://tr.im/vote_oidf
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.c
of
> permanent identifier for the user I can store locally? That way I can
> create site specific profile information for the user, and every time
> that they log in using oauth, I will get something I can compare my
> database data to, to identify the user if they've alread
members from the old list will join the new list as well. If you
> consider this simply a separation between 1.0 deployment and 1.1
> development, it doesn't really fracture the community. But either way I will
> be happy to bridge to two (and have been).
>
> EHL
>
>
>
nsions discussions should be happening on the IETF list until decided
> they are out of scope and at that point move here.
>
> ---
>
> Other suggestions? Feedback?
>
> EHL
>
>
>
>
> gadget
> As of unclear documentation about implementation of (google) OAuth
> Servers (for service providers) & Container servers, we would be much
> appreciated to get some advice/directions and best practices beside
> what already published on the web!
>
> Hertzel
>
>
periment, so
> even an up and coming social network with more flexible access than
> the majors is fine.
>
> Thanks,
> Chris
>
> >
>
--
Chris Messina
Citizen-Participant &
Open Technology Advocate-at-Large
factoryjoe.com # diso-pro
ssues section of the Google code page for months now. Hopefully the
> fix actually makes it into the codebase now...
>
> --
> Paul Bonser
> http://blog.paulbonser.com
>
> >
>
--
Chris Messina
Citizen-Participant &
Open Technology