If there are issues with the old standard, there is no significant advantage to use of the old spec (besides the case that it already exists, etc...), and you are intending to actually use the standard rather than just throw it out for people to use. Then that's really a valid situation to write a new standard in.
But the problem is that "it already exists" is in fact a valid reason to use a protocol. There are numerous libraries out there (including a PHP extension) that allow people to use OAuth to authenticate with services. Making our own protocol just makes it more difficult for application developers since, in addition to developing their application, they have to make their own client side functionality to fulfill our custom protocol. Furthermore, as I said before, OAuth 1 isn't bad. It provides for secure authentication and authorization of the client while protecting against replay attacks. Furthermore, I'd like to at least put some faith in the IETF, considering they are quite intelligent people, and not just toss out their protocol because it isn't "perfect" (quotes are intentional). If somebody wants to go ahead and make an extension for a custom authentication protocol, feel free to do so, but I still believe OAuth support should be our ultimate goal in terms of third-party application security.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Sun, Aug 26, 2012 at 2:38 PM, Amir E. Aharoni < amir.aharoni@mail.huji.ac.il> wrote:
2012/8/26 Mark A. Hershberger mah@everybody.org:
On 08/24/2012 01:33 PM, Nabil Maynard wrote:
- Persona: Previously called BrowserID. It's come a LONG way in the
past
few months, and provides another fairly clean identity/authentication system.
As a bonus, there is already a BrowserID extension for Bugzilla that Mozilla is using. Maybe integrating MW and BrowserID would solve the identity problem in Bugzilla.
+[[Crore]].
-- Amir Elisha Aharoni · אָמִיר אֱלִישָׁע אַהֲרוֹנִי http://aharoni.wordpress.com “We're living in pieces, I want to live in peace.” – T. Moore
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l