Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Implementing OpenSocial Containers
Home
About this group
Contact owner to join
Authentication
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   5 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Al  
View profile  
 More options Nov 2 2007, 7:57 pm
From: Al <a...@folknology.com>
Date: Fri, 02 Nov 2007 23:57:39 -0000
Local: Fri, Nov 2 2007 7:57 pm
Subject: Authentication
Print | Individual message | Show original | Report this message | Find messages by this author
Looking at the REST API It seems to indicate using Google AuthSub
etc..

If one was to implement a full container API (including REST) would we
still be expected to use Google AuthSub or can we solely use our own
Authentications. I just need to clarify this part of the API.

regards
Al


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
John Panzer Google employee  
View profile  
 More options Nov 2 2007, 8:35 pm
From: "John Panzer" <jpan...@google.com>
Date: Fri, 2 Nov 2007 17:35:31 -0700
Local: Fri, Nov 2 2007 8:35 pm
Subject: Re: [opensocial-container] Authentication
Print | Individual message | Show original | Report this message | Find messages by this author

Two answers:

(1) For interactions mediated through your container page to your own server
via XHR, you can use your own auth mechanisms (cookies or extra headers for
example).  This should cover most use cases.

(2) We're not expecting the rest of the world to implement the server side
of AuthSub.  We'd like to use an open standard for this, and we're looking
hard at OAuth (http://oauth.net) for this purpose.  If this happens of
course we'd accept OAuth credentials as well as AuthSub in our own REST
API.  Feedback is welcomed!

-John

On 11/2/07, Al <a...@folknology.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Paul Lindner  
View profile  
 More options Nov 2 2007, 9:04 pm
From: Paul Lindner <plind...@hi5.com>
Date: Fri, 2 Nov 2007 18:04:38 -0700
Local: Fri, Nov 2 2007 9:04 pm
Subject: Re: [opensocial-container] Re: Authentication
Print | Individual message | Show original | Report this message | Find messages by this author

On Fri, Nov 02, 2007 at 05:35:31PM -0700, John Panzer wrote:
> Two answers:

> (1) For interactions mediated through your container page to your own server
> via XHR, you can use your own auth mechanisms (cookies or extra headers for
> example).  This should cover most use cases.

> (2) We're not expecting the rest of the world to implement the server side
> of AuthSub.  We'd like to use an open standard for this, and we're looking
> hard at OAuth (http://oauth.net) for this purpose.  If this happens of
> course we'd accept OAuth credentials as well as AuthSub in our own REST
> API.  Feedback is welcomed!

+1 on OAuth.  We're already working on replacing the Hi5 auth
mechanism with it.

It is pretty similar to AuthSub.

--
Paul Lindner
hi5 Architect
plind...@hi5.com

  application_pgp-signature_part
< 1K Download

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Al  
View profile  
 More options Nov 2 2007, 10:03 pm
From: Al <a...@folknology.com>
Date: Sat, 03 Nov 2007 02:03:31 -0000
Local: Fri, Nov 2 2007 10:03 pm
Subject: Re: Authentication
Print | Individual message | Show original | Report this message | Find messages by this author
Thanks John, OAuth would be an excellent choice and I'm sure others
would agree as it is inline with the 'Open' Nature of Open Social ;-)

regards
Al


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Julian Bond  
View profile  
 More options Nov 3 2007, 4:16 am
From: Julian Bond <julian_b...@voidstar.com>
Date: Sat, 3 Nov 2007 08:16:12 +0000
Local: Sat, Nov 3 2007 4:16 am
Subject: Re: [opensocial-container] Re: Authentication
Print | Individual message | Show original | Report this message | Find messages by this author
John Panzer <jpan...@google.com> Fri, 2 Nov 2007 17:35:31

>Two answers:

>(1) For interactions mediated through your container page to your own
>server via XHR, you can use your own auth mechanisms (cookies or extra
>headers for example).  This should cover most use cases.

>(2) We're not expecting the rest of the world to implement the server
>side of AuthSub.  We'd like to use an open standard for this, and we're
>looking hard at OAuth (http://oauth.net ) for this purpose.  If this
>happens of course we'd accept OAuth credentials as well as AuthSub in
>our own REST API.  Feedback is welcomed!

Now there's an interesting comment!

Absolutely. OAuth for application authentication and OpenID for user
based authentication.

--
Julian Bond  E&MSN: julian_bond at voidstar.com  M: +44 (0)77 5907 2173
Webmaster:           http://www.ecademy.com/     T: +44 (0)192 0412 433
Personal WebLog:     http://www.voidstar.com/    skype:julian.bond?chat
                     *** Just Say No To DRM ***


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google