- From: Thomas Roessler <tlr@w3.org>
- Date: Mon, 23 Feb 2009 12:02:21 +0100
- To: Jon Ferraiolo <jferrai@us.ibm.com>
- Cc: marcosc@opera.com, Dan Brickley <danbri@danbri.org>, "public-webapps@w3.org" <public-webapps@w3.org>, public-webapps-request@w3.org
On 23 Feb 2009, at 05:15, Jon Ferraiolo wrote: > OAuth is a technology that authorizes someone to do something. For > example, an OAuth server might authorize you to cast a vote in an > election. Regarding authorization, in the most common case of W3C > Widgets, you would most likely use something like an OMTP/BONDI > policy file or some sort of platform-specific (maybe implicit) > policy to control authorization instead of OAuth. My thinking is > that you can ignore OAuth for now. I think you're conflating policy and protocol here -- OAuth is a way to share an authorization token (and really not much more); it doesn't tell you how to write your authorization policies. > If I were on the committee, I would push to finish Widgets 1.0 as > quickly as possible, and then put OpenID and OAuth on the list for > things to consider for Widgets 1.1. +1 OAuth seems most relevant to XMLHttpRequest level 2, and much less relevant to the widget specs.
Received on Monday, 23 February 2009 11:02:30 UTC