[mailto:wmills_92...@yahoo.com]
Sent: Tuesday, February 05, 2013 6:49 PM
To: Lewis Adam-CAL022; Tim Bray
Cc: WG oauth@ietf.org@il06exr02.mot.com
Subject: Re: [OAUTH-WG] Why OAuth it self is not an authentication framework ?
Why use OAuth when OpenID does everything that OAuth can do as an
authentication method
, 2013 2:27 PM
Subject: RE: [OAUTH-WG] Why OAuth it self is not an authentication framework ?
I think this is becoming a largely academic / philosophical argument by this
time. The people who designed OAuth will likely point out that it was
conceptualized as an authorization protocol to enable
@il06exr02.mot.com
*Subject:* Re: [OAUTH-WG] Why OAuth it self is not an authentication
framework ?
** **
Why use OAuth when OpenID does everything that OAuth can do as an
authentication method and does a few things much better?
Specifically OAuth lacks any defined way
FYI and for your comments..
http://blog.facilelogin.com/2013/02/why-oauth-it-self-is-not-authentication.html
Thanks Regards,
Prabath
Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://RampartFAQ.com
___
OAuth mailing list
OAuth@ietf.org
OAuth is an Authorization protocol as many of us have pointed out.
The post is largely correct and based on one of mine.
John B.
On 2013-02-05, at 12:52 PM, Prabath Siriwardena prab...@wso2.com wrote:
FYI and for your comments..
Another very good writeup of this was published recently as well:
http://blogs.msdn.com/b/vbertocci/archive/2013/01/02/oauth-2-0-and-sign-in.aspx
This confusion seems to be a major sticking point among developers.
-- Justin
On 02/05/2013 02:52 PM, Prabath Siriwardena wrote:
FYI and for your
why pigeonhole it?
OAuth can be deployed with no authz semantics at all (or at least as
little as any authn mechanism), e.g client creds grant type with no scopes
I agree that OAuth is not an *SSO* protocol.
On 2/5/13 3:36 PM, John Bradley wrote:
OAuth is an Authorization protocol as many
paul.mad...@gmail.com
To: John Bradley ve7...@ve7jtb.com
Cc: oauth@ietf.org WG oauth@ietf.org
Sent: Tuesday, February 5, 2013 1:12 PM
Subject: Re: [OAUTH-WG] Why OAuth it self is not an authentication framework ?
why pigeonhole it?
OAuth can be deployed with no authz semantics at all (or at least
, February 5, 2013 1:12 PM
*Subject:* Re: [OAUTH-WG] Why OAuth it self is not an authentication
framework ?
why pigeonhole it?
OAuth can be deployed with no authz semantics at all (or at least as
little as any authn mechanism), e.g client creds grant type with no scopes
I agree that OAuth
...@ve7jtb.commailto:ve7...@ve7jtb.com
Cc: oauth@ietf.orgmailto:oauth@ietf.org WG
oauth@ietf.orgmailto:oauth@ietf.org
Sent: Tuesday, February 5, 2013 1:12 PM
Subject: Re: [OAUTH-WG] Why OAuth it self is not an authentication framework ?
why pigeonhole it?
OAuth can be deployed with no authz
] On Behalf Of Tim
Bray
Sent: Tuesday, February 05, 2013 3:28 PM
To: William Mills
Cc: oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Why OAuth it self is not an authentication framework ?
OIDC seems about the most plausible candidate for a “good general solution”
that I’m aware of. -T
: RE: [OAUTH-WG] Why OAuth it self is not an authentication framework ?
I think this is becoming a largely academic / philosophical argument by this
time. The people who designed OAuth will likely point out that it was
conceptualized as an authorization protocol to enable a RO to delegate
12 matches
Mail list logo