[jdev] Open Auth
Jonathan Dickinson
jonathanD at k2.com
Mon Jun 30 02:44:14 CDT 2008
Hi People,
Seems like people are taking OAuth seriously. Google has (apparently) recently rolled out support for it. Quoted:
"This is what OAuth does, it allows the you the User to grant access to your private resources on one site (which is called the Service Provider), to another site (called Consumer, not to be confused with you, the User). While OpenID is all about using a single identity to sign into many sites, OAuth is about giving access to your stuff without sharing your identity at all (or its secret parts)."
Maybe someone should have a look at this for a possible interop spec? Hit login, open a web page and authenticate: I suppose it works like the Facebook API in many ways (can store a permanent login token).
The nice thing about it, I guess, is that by supporting it we can remove the dependency of plain-text passwords in the DB (because you are in charge of how the passwords are checked, not X-amount of SASL mechanisms that collectively force you to store it in plain-text).
http://oauth.net
-- Jonathan
More information about the JDev
mailing list