Mashable - The Social Media Guide - Latest Comments in OpenID and OAuth: Why Should We Care?

Re: OpenID and OAuth: Why Should We Care?

David — Fri, 26 Sep 2008 14:00:36 -0000

I enjoyed this article as I was having a bit of trouble telling the two apart.

The only problem with OAUTH is that it only lasts for a little while. Which is good in some cases - but bad in others.

What if a user wants to give facebook constant access to their twitter updates? with OAUTH the user would have to give facebook that approval everyday!

Re: OpenID and OAuth: Why Should We Care?

Mike Davies — Thu, 31 Jul 2008 04:50:11 -0000

Just noticed I didn't put link into my previous reply.

http://blogs.verisign.com/i...

Mike

Re: OpenID and OAuth: Why Should We Care?

Mike Daviies — Wed, 30 Jul 2008 07:41:48 -0000

OAUTH and OATH

I think it is worth pointing out another standard which is around with a rather similar name.

OATH works in a related space to OAUTH and
I have posted something here which explains what OATH is relative to OAUTH and OPEN ID.

Thanks

Mike

Re: OpenID and OAuth: Why Should We Care?

Vidoop — Tue, 29 Jul 2008 17:58:12 -0000

Very nice post, its cool to see active discussion going on around these technologies. I work for Vidoop and we have a a few dogs in this race :)

A couple notes... I think of OAuth as your valet key for the web, you give an OAuth token to Flickr to just get your Gmail contacts, as opposed to giving a full username and password.

OpenID as a SSO has quite a bit of promise, though there are some potential downsides. With all your eggs protected in one basket you want to make sure that basket is secure. We require two-factor auth for our provider at http://myVidoop.com and there are a couple other providers that license our tech like Clickpass, or if you have a paypal token you can use Verisign. If you are familiar with Infocards there are a couple OpenID providers that have Infocard support. Whatever OpenID provider you go with I highly suggest making sure they take security seriously.

There is a neat site dedicated to helping 'bug' websites about OpenID support at http://demand.openid.net/

If you do not want to spend money for Roboform we have a free password manager that ties in to your myVidoop account. I actually use it all the time and it has saved me lots of time and allowed me to ditch the notepad totally.

For anyone interested in what Chris Messina is currently up to check out http://diso-project.org/ The project is aiming to create a single package for the many 'distributed social networking components' currently floating around.

Cheers,
Kevin

Re: OpenID and OAuth: Why Should We Care?

janie — Tue, 29 Jul 2008 10:34:51 -0000

OpenID didn't work for me. Typing in a password and being able to log on when and where I want to without any hassles seems to be a lot easier.

Re: OpenID and OAuth: Why Should We Care?

Matthias — Tue, 29 Jul 2008 05:22:46 -0000

I ask myself why so many websites require login in the first place. Take doodle.ch for example. No login required but still great collaboration features.

Re: OpenID and OAuth: Why Should We Care?

kerendg — Mon, 28 Jul 2008 16:36:32 -0000

I wrote about the same issue from the point of view of a mashup application developer; highlighting the three concepts: Security(SSO), Access Control and Single Identity.
These three will make our online services adoption experience more transparent.

The three elements for successful Mashup sign-on process:
http://usingit.wordpress.co...

Keren

Re: OpenID and OAuth: Why Should We Care?

revbean — Mon, 28 Jul 2008 16:16:30 -0000

Lets not ignore the big problem here though, that while everyone and their mother is clamouring to become an OpenID _provider,_ not too many big sites are allowing you to use OpenID as your login credentials. This flies in the face of what OpenID is really all about.

Re: OpenID and OAuth: Why Should We Care?

ceejayoz — Mon, 28 Jul 2008 15:54:18 -0000

Sure, until you have to change your password and have to do it in 30 different sites...