[oauth] "Fixing OAuth" blog post

Lisa Dusseault <lisa.dusseault@gmail.com> Thu, 19 February 2009 21:59 UTC

Date: Thu, 19 Feb 2009 13:59:49 -0800
Message-ID: <ca722a9e0902191359n746cf98fmc4992a74be98880d@mail.gmail.com>
From: Lisa Dusseault <lisa.dusseault@gmail.com>
To: oauth <oauth@ietf.org>
Subject: [oauth] "Fixing OAuth" blog post

From http://blog.atebits.com/2009/02/fixing-oauth/

... a few years from now when OAuth is *finally* integrated sensibly, I
think it actually will be *quite* nice.  "Integrated sensibly" is key. Today
is an opportunity <http://groups.google.com/group/twitter-development-talk/browse_thread/thread/629b03475a3d78a1/655a8425e1e5e045?show_docid=655a8425e1e5e045> to
get it right.
[...]

I think the ultimate goal is to have a single, global, native-looking,
"blessed" authentication gateway on every device. This gateway could be
expressed on different devices in different ways. On the iPhone for example,
it could be represented as a special OS-provided window (running in a
protected process) that slid up over an app, allowing the user to enter a
password (or authenticate via something else like OpenID). The sheet would
then slide back down revealing the app after authentication was complete.
The requesting app would never need to quit. There would be no need for any
web pages, and the authentication experience would be completely
standardized across *every* app on that device that used OAuth.