W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [widgets] OAuth and openID

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 23 Feb 2009 12:02:21 +0100
To: Jon Ferraiolo <jferrai@us.ibm.com>
Message-Id: <46401B14-8E0A-497D-AF0C-3A5F5CB518D1@w3.org>
Cc: marcosc@opera.com, Dan Brickley <danbri@danbri.org>, "public-webapps@w3.org" <public-webapps@w3.org>, public-webapps-request@w3.org
On 23 Feb 2009, at 05:15, Jon Ferraiolo wrote:

> OAuth is a technology that authorizes someone to do something. For  
> example, an OAuth server might authorize you to cast a vote in an  
> election. Regarding authorization, in the most common case of W3C  
> Widgets, you would most likely use something like an OMTP/BONDI  
> policy file or some sort of platform-specific (maybe implicit)  
> policy to control authorization instead of OAuth. My thinking is  
> that you can ignore OAuth for now.

I think you're conflating policy and protocol here -- OAuth is a way  
to share an authorization token (and really not much more); it doesn't  
tell you how to write your authorization policies.

> If I were on the committee, I would push to finish Widgets 1.0 as  
> quickly as possible, and then put OpenID and OAuth on the list for  
> things to consider for Widgets 1.1.


OAuth seems most relevant to XMLHttpRequest level 2, and much less  
relevant to the widget specs.
Received on Monday, 23 February 2009 11:02:30 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:14 UTC