Re: [oauth] "Fixing OAuth" blog post
John Kemp <john@jkemp.net> Thu, 19 February 2009 22:13 UTC
Return-Path: <john@jkemp.net>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E82063A6C2C for <oauth@core3.amsl.com>; Thu, 19 Feb 2009 14:13:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.521
X-Spam-Level:
X-Spam-Status: No, score=-1.521 tagged_above=-999 required=5 tests=[AWL=-0.745, BAYES_05=-1.11, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UU5D1Fflk0xD for <oauth@core3.amsl.com>; Thu, 19 Feb 2009 14:13:13 -0800 (PST)
Received: from outbound-mail-144.bluehost.com (outbound-mail-144.bluehost.com [67.222.38.34]) by core3.amsl.com (Postfix) with SMTP id F2A503A68EC for <oauth@ietf.org>; Thu, 19 Feb 2009 14:13:12 -0800 (PST)
Received: (qmail 15307 invoked by uid 0); 19 Feb 2009 22:11:00 -0000
Received: from unknown (HELO box320.bluehost.com) (69.89.31.120) by outboundproxy5.bluehost.com with SMTP; 19 Feb 2009 22:11:00 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=jkemp.net; h=Received:Cc:Message-Id:From:To:In-Reply-To:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Date:References:X-Mailer:X-Identified-User; b=wxw6oDxBCM6xi9rI7eLTrxy4+folaY4KodULFlnE78FtQpbJDPHAfKbq7OGRZEOjZUtRE+o2GQ66lz8aEJut7K0ki26eDEEh2qJKPJlFeMNIB0wryP0HBrQtnU0vbcxw;
Received: from cpe-69-205-56-47.nycap.res.rr.com ([69.205.56.47] helo=mztrcscn117.americas.nokia.com) by box320.bluehost.com with esmtpa (Exim 4.69) (envelope-from <john@jkemp.net>) id 1LaH94-0001J6-I6; Thu, 19 Feb 2009 15:13:26 -0700
Message-Id: <BCD19435-A7A7-4EC0-B8BD-7D9FD4F5B065@jkemp.net>
From: John Kemp <john@jkemp.net>
To: Lisa Dusseault <lisa.dusseault@gmail.com>
In-Reply-To: <ca722a9e0902191359n746cf98fmc4992a74be98880d@mail.gmail.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Thu, 19 Feb 2009 17:13:24 -0500
References: <ca722a9e0902191359n746cf98fmc4992a74be98880d@mail.gmail.com>
X-Mailer: Apple Mail (2.930.3)
X-Identified-User: {1122:box320.bluehost.com:jkempnet:jkemp.net} {sentby:smtp auth 69.205.56.47 authed with john+jkemp.net}
Cc: oauth <oauth@ietf.org>
Subject: Re: [oauth] "Fixing OAuth" blog post
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Oauth bof discussion <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2009 22:13:14 -0000
On Feb 19, 2009, at 4:59 PM, Lisa Dusseault wrote: > From http://blog.atebits.com/2009/02/fixing-oauth/ > > ... a few years from now when OAuth is finally integrated sensibly, > I think it actually will be quite nice. "Integrated sensibly" is > key. Today is an opportunity to get it right. > [...] > > I think the ultimate goal is to have a single, global, native- > looking, "blessed" authentication gateway on every device. This > gateway could be expressed on different devices in different ways. > On the iPhone for example, it could be represented as a special OS- > provided window (running in a protected process) that slid up over > an app, allowing the user to enter a password (or authenticate via > something else like OpenID). The sheet would then slide back down > revealing the app after authentication was complete. The requesting > app would never need to quit. There would be no need for any web > pages, and the authentication experience would be completely > standardized across every app on that device that used OAuth. http://tools.ietf.org/html/draft-dehora-farrell-oauth-accesstoken-creds-00 is perhaps a good start. Regards, - johnk
- [oauth] "Fixing OAuth" blog post Lisa Dusseault
- Re: [oauth] "Fixing OAuth" blog post kellan
- Re: [oauth] "Fixing OAuth" blog post John Kemp