This wiki is no longer active and is left here for historical purposes. Please visit oauth.net for up-to-date information.
View
 

MeetingNotes20070611

Page history last edited by Chris Messina 10 years, 4 months ago

Attendees

 

LarryHalff, ChrisMessina, JosephSmarr, DaveRecordon, AlexPayne, BlaineCook, DeWittClinton, EricSachs (pm for google accounts), PaulMcDonald

 

Notes

 

  • flickr's + bbauth has issues... no body signing...
  • google's was google-specific
  • what are common features of all these specs -- and boil them down into one... write once, use on both server and client side...
  • google wants to pull data from 3rd party sites... iGoogle gadgets (building an iGoogle widget for accessing AOL mail, etc) and premium content (news publishers want stuff to show up in google news if user has paid for it)... Google Checkout...
  • netvibes, facebook, iGoogle, etc... all need this...
  • plaxo... as a consumer of these services -- user currently asks for username/password... for one, write it once for every site, two, that they accept username/password, still needs tight user experience...
    • does whatever we come up also allow for ideal user experience
  • for blogger... flickr posting to blogger is the case for AuthSub
  • kellan -- social process... like microformats... OpenAuth pulls from best practices
    • signing is where the challenges lie; username/password is much easier
  • coda hail -- working on wesabe... has super high threat level... so we need common libraries but flexibility to change out threat model...
  • eric -- google talking out... google could support it on server side but maybe not client-side libraries...
    • get more vendors involved to see what they need and how to extend it
    • how does 3rd party site request multiple things from multiple resources?
    • if two sites are doing some kind of authentication... how can you extend authorization to third party sites via authentication...?
  • in terms of marketing... how do we market this out more widely... concerns about ownership, etc. or at least getting it out there with no encumbrances
  • authsub as profile of...
  • google could document token-based auth...
  • document what twitter and magnolia need... start documenting the various use cases...
  • facebook's use...
  • need to talk to AOL... Blaine sez spec looked overly complex... OpenAuth vs other AOL protocol...?

 

Google

 

  • write down specifically how they're using it, and how they designed it
  • service consumers... real world implementation uses
  • have Google folks help vet the proposal
  • adam bosworth... google health... plan to use authsub for hospital approvals... end of summer fall will be using authsub for healthcare decisions

 

OAuth

 

  • hacksession -- thursday night in the city...

 

dave r

 

  • will contact some folks at AOL

 

microsoft live contacts API has tokenization auth...

 

AuthSub...

Comments (0)

You don't have permission to comment on this page.