[Python-Dev] Offtopic: OpenID Providers (original) (raw)
Donald Stufft donald at stufft.io
Thu Sep 5 20:35:16 CEST 2013
- Previous message: [Python-Dev] Offtopic: OpenID Providers
- Next message: [Python-Dev] Offtopic: OpenID Providers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sep 5, 2013, at 2:25 PM, Oleg Broytman <phd at phdru.name> wrote:
On Thu, Sep 05, 2013 at 02:16:29PM -0400, Donald Stufft <donald at stufft.io> wrote:
On Sep 5, 2013, at 2:12 PM, Oleg Broytman <phd at phdru.name> wrote: I used to use myOpenID and became my own provider using poit[1]. These days I seldom use OpenID -- there are too few sites that allow full-featured login with OpenID. The future lies in OAuth 2.0. The Auth in OAuth stands for Authorization not Authentication. There is no authorization without authentication, so OAuth certainly performs authentication: http://oauth.net/core/1.0a/#anchor9 , http://tools.ietf.org/html/rfc5849#section-3
They are separate topics and authorization does not need to imply authentication, it so happens that in many particular instances of OAuth you can estimate authentication.
https://en.wikipedia.org/wiki/OAuth#OpenID_vs._pseudo-authentication_using_OAuth
Persona is the logical successor to OpenID.
Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://mail.python.org/pipermail/python-dev/attachments/20130905/065d9b65/attachment.sig>
- Previous message: [Python-Dev] Offtopic: OpenID Providers
- Next message: [Python-Dev] Offtopic: OpenID Providers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]