Hoi,
I have re-read the Wikipedia article about OpenID and OpenAuth.
OpenAuth while nice in many ways is NOT the same as OpenID. User
authentication is one easy and obvious requirement and I have already said
too much about its need.
It is NOT clear at all to me why OpenAuth should be regarded over OpenID.
The use case for OpenID is obvious. In contrast the case for OpenAuth is
not clear at all. What practical things will it solve?
Thanks,
GerardM
On 27 August 2012 01:48, Tyler Romeo <tylerro...@gmail.com> wrote:
> >
> > If there are issues with the old standard, there is no significant
> > advantage to use of the old spec (besides the case that it already
> exists,
> > etc...), and you are intending to actually use the standard rather than
> > just throw it out for people to use. Then that's really a valid situation
> > to write a new standard in.
>
>
> But the problem is that "it already exists" is in fact a valid reason to
> use a protocol. There are numerous libraries out there (including a PHP
> extension) that allow people to use OAuth to authenticate with services.
> Making our own protocol just makes it more difficult for application
> developers since, in addition to developing their application, they have to
> make their own client side functionality to fulfill our custom protocol.
> Furthermore, as I said before, OAuth 1 isn't bad. It provides for secure
> authentication and authorization of the client while protecting against
> replay attacks. Furthermore, I'd like to at least put some faith in the
> IETF, considering they are quite intelligent people, and not just toss out
> their protocol because it isn't "perfect" (quotes are intentional). If
> somebody wants to go ahead and make an extension for a custom
> authentication protocol, feel free to do so, but I still believe OAuth
> support should be our ultimate goal in terms of third-party application
> security.
>
> *--*
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2015
> Major in Computer Science
> www.whizkidztech.com | tylerro...@gmail.com
>
>
>
> On Sun, Aug 26, 2012 at 2:38 PM, Amir E. Aharoni <
> amir.ahar...@mail.huji.ac.il> wrote:
>
> > 2012/8/26 Mark A. Hershberger <m...@everybody.org>:
> > > On 08/24/2012 01:33 PM, Nabil Maynard wrote:
> > >> - Persona: Previously called BrowserID. It's come a LONG way in the
> > past
> > >> few months, and provides another fairly clean identity/authentication
> > >> system.
> > >
> > > As a bonus, there is already a BrowserID extension for Bugzilla that
> > > Mozilla is using. Maybe integrating MW and BrowserID would solve the
> > > identity problem in Bugzilla.
> >
> > +[[Crore]].
> >
> > --
> > Amir Elisha Aharoni · אָמִיר אֱלִישָׁע אַהֲרוֹנִי
> > http://aharoni.wordpress.com
> > “We're living in pieces,
> > I want to live in peace.” – T. Moore
> >
> > _______________________________________________
> > Wikitech-l mailing list
> > Wikitech-l@lists.wikimedia.org
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> >
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
