Archives
June 2007
6/28/07
Why OpenAuth ?
6/27/07
6/20/07
6/18/07
Thursday, June 28, 2007
During the Catalyst conference some people asked me why did we
implement OpenAuth when we want to use open standards. It was a great
question, which I think I should have clarified in my session. Anyway
the answer is very simple and straight.
Our goal with OpenAuth is to show what we ( I am very sure most of the other Identity Providers too) need (use-cases) in the Web 2.0 world and a way of solving them. We would be more than happy to work with (infact we are already) the web communities and tech groups to extend the existing Open protocols to support these use cases. George Fletcher also presented some of these use cases at the Concordia Project Workshop in the Catalyst conference earlier this week.
- Praveen
openauth at 1:24:00 PM EDT Blog about this entry |
Add to del.icio.us | 
digg this
Why OpenAuth ?
- OpenID doesn't support all the use cases we need to support as per our business needs (mainly service level fine grain consent management, Service Invocation and not but not least more AJAX friendly than OpenID)
- SAML/Liberty is too complex to implement for simple Web 2.0 web-apps, which are mostly built using simple scripting languages like Javascript or using new languages like Ruby for which there are no production quality SAML packages yet. And ofcourse we all know that SAML is too heavy for low value web transactions. That said, I would like to point out that we do use SAML for high value transactions between AOL and trusted Partners that are in business relationship with us.
- CardSpace is still in it's very early stages. It's a completely new visual paradigm and would take users some time before they understand how it works and use it. Also currently it depends on specific Windows .Net framework and the new Vista. Support for other platforms (OSIS project) is still in the very early stages too. Also even when CardSpace is widely deployed and supported, with the existing model of invoking CardSpace selector for each and every app/site is not a good idea in terms of user experience. So we would still have to maintain some SSO protocol on our end to achieve seamless single sign ons.
Our goal with OpenAuth is to show what we ( I am very sure most of the other Identity Providers too) need (use-cases) in the Web 2.0 world and a way of solving them. We would be more than happy to work with (infact we are already) the web communities and tech groups to extend the existing Open protocols to support these use cases. George Fletcher also presented some of these use cases at the Concordia Project Workshop in the Catalyst conference earlier this week.
- Praveen
openauth at 1:24:00 PM EDT Blog about this entry |
Add to del.icio.us | digg this
