Google Releases Hybrid OpenID OAuth Extension


Reuven Cohen

Jan 29, 2009, 5:10:25 PM
to cloud...@googlegroups.com
Interesting release from Google today: they've released a hybrid OpenID OAuth Extension, which they describe as a mechanism to combine an OpenID authentication request with the approval of an OAuth request token. In case you're not familiar with OAuth, it is an open protocol, initiated by Blaine Cook and Chris Messina, to allow secure API authorization in a simple and standard method for desktop, mobile and cloud applications.

For consumer developers, OAuth is a method to publish and interact with protected personal data. For service provider developers, OAuth gives users access to their data while protecting their account credentials. In other words, OAuth allows a user to grant access to their information on one site (the Service Provider), to another site (called Consumer), without sharing all of his or her identity.

The new Google-sponsored OpenID OAuth Extension describes how to make the OpenID Authentication and OAuth Core specifications work well together. In its current form, it addresses the use case where the OpenID Provider and OAuth Service Provider are the same service. To provide a good user experience, it is important to present, to the user, a combined authentication and authorization screen for the two protocols.

This extension describes how to embed an OAuth approval request into an OpenID authentication request to permit combined user approval. For security reasons, the OAuth access token is not returned in the OpenID authentication response. Instead a mechanism to obtain the access token is provided.

If you're interested in looking at some code, check out our working sample using the Google Data PHP client library. The source code is available here.

See docs here > http://step2.googlecode.com/svn/spec/openid_oauth_extension/latest/openid_oauth_extension.html

--
--

Reuven Cohen
Founder & Chief Technologist, Enomaly Inc.
blog > www.elasticvapor.com
-
Open Source Cloud Computing > www.enomaly.com
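The combined request and the token handling described in the post above, as an added example that is not part of the original message or of Google's sample code. The function names and the `example` hosts are hypothetical, and the OpenID signature (`openid.sig`) is assumed to have been verified already by the relying party's OpenID library.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

OPENID_NS = "http://specs.openid.net/auth/2.0"
OAUTH_EXT_NS = "http://specs.openid.net/extensions/oauth/1.0"
IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"


def build_hybrid_request(op_endpoint, return_to, realm, consumer_key, scope):
    """Build an OpenID checkid_setup URL that also carries the OAuth approval request."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
        # Extension fields: which OAuth consumer is asking, and for what scope.
        "openid.ns.oauth": OAUTH_EXT_NS,
        "openid.oauth.consumer": consumer_key,
        "openid.oauth.scope": scope,
    }
    return op_endpoint + "?" + urlencode(params)


def extract_request_token(response_url):
    """Return (request_token, scope) from a positive assertion, or None.

    Only an approved *request* token comes back through the browser; the
    access token is obtained afterwards in a direct OAuth call.
    """
    q = {k: v[0] for k, v in parse_qs(urlsplit(response_url).query).items()}
    if q.get("openid.mode") != "id_res":
        return None
    # The provider picks its own alias, so locate the extension by namespace URI.
    alias = next((k[len("openid.ns."):] for k, v in q.items()
                  if k.startswith("openid.ns.") and v == OAUTH_EXT_NS), None)
    if alias is None:
        return None
    token = q.get("openid.%s.request_token" % alias)
    if not token:
        return None  # user authenticated but OAuth access was not approved
    # Defensive choice of this example: refuse extension fields that the
    # provider's signature does not cover.
    signed = set(q.get("openid.signed", "").split(","))
    if not {"ns." + alias, alias + ".request_token"} <= signed:
        raise ValueError("OAuth extension fields are not covered by the signature")
    return token, q.get("openid.%s.scope" % alias, "")
```

The returned request token is then exchanged for an access token at the provider's OAuth access token endpoint, in a request signed with the consumer secret, so the access token never travels through the user's browser.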

gary mazzaferro

Jan 30, 2009, 1:56:38 AM
to cloud...@googlegroups.com
Awesome. This is a big step.

-gary

Paulo Calcada

Jan 30, 2009, 5:58:42 AM
to cloud...@googlegroups.com
Great, I'm looking forward to reading all the details about this BIG step.

Paulo


Paulo Calcada

Jan 30, 2009, 6:37:14 AM
to cloud...@googlegroups.com
This is a great step forward in the interoperability field. As I have already said, instead of developing new tools or platforms, reusing old ones and trying to combine them is a great way to easily have real interoperability.


Paulo

Reuven Cohen

Jan 30, 2009, 9:24:28 AM
to cloud...@googlegroups.com
I agree: refactor, reuse, recycle (R3).

r/c

Gary Mazzaferro

Jan 30, 2009, 1:07:58 PM
to cloud...@googlegroups.com
I'll explain. I've been working on a pet project for more time than
pride allows me to tell. Bottom line, it's a scalable directory to 10
billion IDs; it needs a different data scheme to go larger. User access
is classified as authentication and authorization. Authentication has
many options, converse to the latter. Authorization is an issue from the
aspect of interoperability. Adoption of ANY authorization mechanism is a
big deal.

-gary