Anders Feder wrote:
If I'm not mistaken, OAuth requires the user to approve the
authentication request in her browser, which is an interactive action.
This is true, but this only needs to be done when obtaining an access
token, which can be used potentially forever without further
Any sufficiently advanced web site system is indistinguishable from an OP.
Or, rather, can be turned into an OP. :)
Vinay Gupta wrote:
I think that kind of misses the point. The *namespace* that google
manages is now open for business as an OpenID provider. It's an
unanticipated side-effect
You should probably check out OAuth:
http://groups.google.com/group/oauth, and its draft spec
http://openauth.googlegroups.com/web/OAuth%201.0%20-%20Draft.rtf?gda=s1UWzkYySf4xbkOgHBZma37zlp9GzEEF__EUK3CcB8RrKx_-nmG1qiJ7UbTIup-M2XPURDT_25fdK7wDxUtwqL26wW_WahD8rT1PnKl_iYB0spTcFQ.
Eran
this issue today. All
the good short identifiers are taken and people want them; some of them
have been 'dead' for years; market forces are important here.
2. WIPO + domain name disputes = they may not have a choice. This is
really a global version of #1.
John Panzer
At some point, the weak link will be humans trying to disambiguate
http://joe.example.org/ from http://joe.example.org/2 (or
http://joe.example.org/#2). I don't think there's a big difference
between the two in that context, and I don't think that OID2 needs to
solve this more deeply than
fiers, use a 301 Permanently
Moved response for the old identifier for a minimum of one year.
2. After one year, respond with 410 Permanently Gone for a minimum of
one year.
These are straw men, feel free to knock them down.
(*) May conflict with other forces, such as SEO.
--
John
Panzer
System
of
[EMAIL PROTECTED] in a standard way, while being open to new practices.
Once we can support both we can gain experience and start gradually
migrating people over to the new world. At least that's my take.
--
John
Panzer
System Architect
http://abstractioneer.org
