shibboleth-dev - RE: [Shib-Dev] Spring supports OAuth
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [Shib-Dev] Spring supports OAuth
- Date: Thu, 12 Feb 2009 12:12:06 -0500
- Organization: The Ohio State University
Peter Williams wrote on 2009-02-12:
> Another motivating argument is that deployment-focussed folks simply want
to
> talk to and mashup with the many oauth sites (who show little sign of
> adopting saml/shib or more formal sts architectures).
Nobody is being prevented from "talking to" OAuth sites. What would you like
Shibboleth to do to make this easier? Identify a single thing that the IdP
or SP could do that helps. They simply don't address the same problem areas
with the same assumptions.
I absolutely think there's a place for IdP-less security for a web service.
Adding an IdP into that contorts the protocol to such a degree that it's not
OAuth anymore. That's not a criticism, just how I see it.
-- Scott
- RE: [Shib-Dev] Spring supports OAuth, Peter Williams, 02/12/2009
- RE: [Shib-Dev] Spring supports OAuth, Scott Cantor, 02/12/2009
- RE: [Shib-Dev] Spring supports OAuth, RL 'Bob' Morgan, 02/12/2009
- <Possible follow-up(s)>
- RE: [Shib-Dev] Spring supports OAuth, Peter Williams, 02/12/2009
Archive powered by MHonArc 2.6.16.