[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Social] Authentication
From: |
Ian Denhardt |
Subject: |
Re: [Social] Authentication |
Date: |
Wed, 9 Jun 2010 13:05:14 -0400 |
On Wed, 09 Jun 2010 11:58:58 -0400
Matt Lee <address@hidden> wrote:
> On 06/09/10 11:33, Ian Denhardt wrote:
>
> > While this is a possibility, I have a concern regarding supporting
> > multiple authentication schemes. For a standard to be useful as such,
> > it needs to be practical to implement it. If it's too difficult, at
> > best implementations will 'sort of' work with the standard, which isn't
> > good enough. My worry is that if we decide to support a wide array of
> > auth schemes, then to be able to reliably federate with the rest of the
> > world, each implementation will have to support *all* of them, and so
> > it will be very difficult to implement. I don't want us to get into a
> > situation where it can't be depended on that two different pieces of
> > software supporting the "gnu social protocol" can't be assumed to be
> > able to federate successfully. At the very least, if we are to support
> > multiple auth schemes at all, the protocol should mandate *one* scheme
> > that will always be available if nothing else is.
>
> Let's make sure that it's possible to communicate with existing
> StatusNet installs.
>
> I don't understand what OAuth or OpenID doesn't have.
>
OpenID could work, I think it supports most of what we need (though it
still leaves us needing a data format, but no reason we couldn't
still just use foaf or soemthing for that.) My primary concern with
OpenID is that it's somewhat more complex than foaf+ssl if I understand
things correctly. This isn't a total deal breaker necessarily, but I
think it's a point worth considering. Are there any significant
advantages of OpenID vs. FOAF+SSL?
OAuth also *could* be made to work, but I don't like it because it
requires me to generate a token to give to my friends when I want to
share stuff with them. what I want to be able to do is just say "grant
access to this content to this WebID/OpenID." much simpler for the
user. I don't want this to be another piece of software that only geeks
use because we've made some arcane choices.
I do agree that interoperability with existing status.net installs is a
good goal in theory, but I'm not certain the existing status.net
federation capabilities are really capable of doing what we need.
--
Ian Denhardt <address@hidden>
Re: [Social] Authentication, Ian Denhardt, 2010/06/09
Re: [Social] Authentication, Melvin Carvalho, 2010/06/10