Following the IIW session on this topic, we updated the spec in http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html
to address the issues that were raised. Especially, optimizing on
how OAuth request token is handled, allowed to remove one full
roundtrip!
Would appreciate any feedback on the updated suggestion.
Thanks
On Mon, Nov 3, 2008 at 12:00 PM, <[EMAIL PROTECTED]> wrote:
Send specs mailing list submissions to
specs@openid.net
To subscribe or unsubscribe via the World Wide Web, visit
http://openid.net/mailman/listinfo/specs
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of specs digest..."
Today's Topics:
1. Proposal to create the OpenID OAuth Hybrid Working Group
(Yariv Adan)
---
-------------------------------------------------------------------
Message: 1
Date: Mon, 3 Nov 2008 15:30:57 +0100
From: Yariv Adan <[EMAIL PROTECTED]>
Subject: Proposal to create the OpenID OAuth Hybrid Working Group
To: specs@openid.net
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
In accordance with the OpenID Foundation IPR policies and
procedures<
http://openid.net/foundation/intellectual-property/ > this note
proposes the
formation of a new working group chartered to produce an OpenID
specification.
As per Section 4.1 of the Policies, the specifics of the proposed
working
group are:
Background Information:
OpenID has always been focused on how to enable user-authentication
within
the browser. Over the last year, OAuth has been developed to allow
authorization either from within a browser, desktop software, or
mobile
devices. Obviously there has been interest in using OpenID and OAuth
together allowing a user to share their identity as well as grant a
Relying
Party access to an OAuth protected resource in a single step. A
small group
of people have been working on developing an extension to OpenID
which makes
this possible in a collaborative fashion within
http://code.google.com/p/step2/. This small project includes a
draft spec
and Open Source implementations which the proposers would like to
finalize
within the OpenID Foundation.
Working Group Name:
OpenID OAuth Hybrid Working Group
Purpose:
Produce a standard OpenID extension to the OpenID Authentication
protocol
that provides a mechanism to embed an OAuth approval request into
an OpenID
authentication request to permit combined user approval. The
extension
addresses the use case where the OpenID Provider and OAuth Service
Provider
are the same service. To provide good user experience, it is
important to
present a combined authentication and authorization screen for the
two
protocols.
Scope:
Standardize the draft Hybrid Protocol (
http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html
)
as an official OpenID Extension describing how to combine an OpenID
authentication request with the approval of an OAuth request token.
Anticipated Contributions:
Draft specification referenced above and various text contributions
as more
developers implement it.
Proposed List of Specifications:
OpenID OAuth Extension 1.0. Spec completion by Q4 2008.
Anticipated audience or users of the work:
- OpenID Providers and Relying Parties
- OAuth Consumers and Service Providers
- Implementers of OpenID Providers and Relying Parties
Language in which the WG will conduct business:
English.
Method of work:
E-mail discussions on the working group mailing list and working
group
conference calls.
Basis for determining when the work of the WG is completed:
The work will be completed once it is apparent that maximal
consensus on the
protocol proposal has been achieved within the working group,
consistent
with the purpose and scope.
Proposers:
- Ben Laurie, [EMAIL PROTECTED], Google
- Breno de Medeiros, [EMAIL PROTECTED], Google
- David Recordon, [EMAIL PROTECTED], Six Apart
- Dirk Balfanz, [EMAIL PROTECTED], Google
- Joseph Smarr, [EMAIL PROTECTED], Plaxo
- Yariv Adan, [EMAIL PROTECTED], Google - Allen Tom, [EMAIL PROTECTED]
,
Yahoo
- Josh Hoyt, [EMAIL PROTECTED] , JanRain
Initial Editors:
- Dirk Balfanz, [EMAIL PROTECTED], Google - Breno de Medeiros,
[EMAIL PROTECTED], Google
--
Yariv Adan | Product Manager
Google Switzerland GmbH | Identifikationsnummer: CH-020.4.028.116-1
This e-mail is confidential. If you are not the right addressee
please do
not forward it, please inform the sender, and please erase this e-
mail
including any attachments. Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://openid.net/pipermail/specs/attachments/20081103/21c48c00/attachment.html
------------------------------
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
End of specs Digest, Vol 27, Issue 3
************************************
--
Yariv Adan | Product Manager
Google Switzerland GmbH | Identifikationsnummer: CH-020.4.028.116-1
This e-mail is confidential. If you are not the right addressee
please do not forward it, please inform the sender, and please
erase this e-mail including any attachments. Thanks.
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs