Hoi,
I have re-read the Wikipedia article about OpenID and OpenAuth.
OpenAuth while nice in many ways is NOT the same as OpenID. User
authentication is one easy and obvious requirement and I have already said
too much about its need.
It is NOT clear at all to me why OpenAuth should be regarded over OpenID.
The use case for OpenID is obvious. In contrast the case for OpenAuth is
not clear at all. What practical things will it solve?
Thanks,
GerardM
On 27 August 2012 01:48, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
If there are issues with the old standard, there is no significant
advantage to use of the old spec (besides the case that it already
exists,
etc...), and you are intending to actually use
the standard rather than
just throw it out for people to use. Then that's really a valid situation
to write a new standard in.
But the problem is that "it already exists" is in fact a valid reason to
use a protocol. There are numerous libraries out there (including a PHP
extension) that allow people to use OAuth to authenticate with services.
Making our own protocol just makes it more difficult for application
developers since, in addition to developing their application, they have to
make their own client side functionality to fulfill our custom protocol.
Furthermore, as I said before, OAuth 1 isn't bad. It provides for secure
authentication and authorization of the client while protecting against
replay attacks. Furthermore, I'd like to at least put some faith in the
IETF, considering they are quite intelligent people, and not just toss out
their protocol because it isn't "perfect" (quotes are intentional). If
somebody wants to go ahead and make an extension for a custom
authentication protocol, feel free to do so, but I still believe OAuth
support should be our ultimate goal in terms of third-party application
security.
*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
On Sun, Aug 26, 2012 at 2:38 PM, Amir E. Aharoni <
amir.aharoni(a)mail.huji.ac.il> wrote:
2012/8/26 Mark A. Hershberger
<mah(a)everybody.org>rg>:
On 08/24/2012 01:33 PM, Nabil Maynard wrote:
> - Persona: Previously called BrowserID. It's come a LONG way in the
past
few
months, and provides another fairly clean identity/authentication
system.
As a bonus, there is already a BrowserID extension for Bugzilla that
Mozilla is using. Maybe integrating MW and BrowserID would solve the
identity problem in Bugzilla.
+[[Crore]].
--
Amir Elisha Aharoni · אָמִיר אֱלִישָׁע אַהֲרוֹנִי
http://aharoni.wordpress.com
“We're living in pieces,
I want to live in peace.” – T. Moore
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l