W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [widgets] OAuth and openID

From: Thomas Roessler <tlr@w3.org>
Date: Sat, 28 Feb 2009 15:35:55 -0600
Cc: Jon Ferraiolo <jferrai@us.ibm.com>, marcosc@opera.com, Dan Brickley <danbri@danbri.org>, "public-webapps@w3.org" <public-webapps@w3.org>, public-webapps-request@w3.org
Message-Id: <965CE030-833B-40A1-9B14-4B4371A74917@w3.org>
To: Scott Wilson <scott.bradley.wilson@gmail.com>
On 23 Feb 2009, at 15:31, Scott Wilson wrote:

> Because many widgets are small local applications offered for remote  
> services that use different user accounts, oAuth is a very important  
> and relevant technology. Which is why, for example, it has been a  
> major task in the oAuth and OpenSocial/Gadgets community to  
> integrate the technology.

> ((Note also that last I heard oAuth was going to IETF for  
> standardisation))

See:
   http://www.ietf.org/mail-archive/web/oauth/current/msg00085.html
   https://datatracker.ietf.org/meeting/74/agenda.html

I guess my question is mostly what part of oauth would likely be in  
scope for a widget spec.  My sense is that the likeliest point of  
interaction could be a hand-off mechanism between browser and widget  
to enable a browser-based OAuth authorization decision outside the  
widget itself.  That sounds like it could be added later.

I also suspect that the specification that is going to be most  
relevant for combining OAuth and Widgets is going to be XMLHttpRequest  
level 2.
Received on Saturday, 28 February 2009 21:36:05 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT