oauth-brainstorming

From DiSo wiki


Chris was on the LikeItMatters podcast today, talking about DiSo. Here's a diagram of one of the ideas he talked about - this is a placeholder for Chris' writeup. -- User:Steveivy

openid_oauth_xmpp_contactme-20071214-151346.png

Discussion summaries

"Alright, OAuth for WordPress with Discovery is ready

<http://tinyurl.com/3cvewh>

See how there are so many fewer text boxes? (5 fewer, in fact!) All that data is being auto-detected now! Enter a comment (the other data should be filled in for you) and push 'start' -- as before the comment will be posted at <http://singpolyma.net/2007/12/mini-feed-plugin-for-wordpress/> after OAuth flow.

The detection extension requires my XRDS plugin (newest version, which I just uploaded) to be installed and activated to work.

CODE

- OAuth plugin: <http://singpolyma.net/oauth.tar.gz>
- XRDS plugin: <http://singpolyma.net/xrds.tar.gz>
- OAuth Test code (client) that I'm using: <http://singpolyma.net/oauth-testcode.tar.gz>

What's not done:

1) Granular permissions -- currently lets the consumer access ALL pages

2) Expiring the access tokens (backend is there, but no interface to ask the user how long so still defaults to forever, client/testcode does not take advantage of forever)

3) Probably other stuff" -- Stephen Paul Weber

"So, basically, OAuth is a building block. Useless unto itself, but opening up new possibilities.

A possibility #1

You are reading a post on my blog in your feed reader. You want to comment, but coming to my site is a hassle. You enter your comment in your feed reader and click a button -- done. OAuth doesn't do this, but it ALLOWS FOR IT by providing the needed authentication layer for your feed reader to access your account.

A possibility #2

I am on a new social networking portal. They want to know who my friends are, and some of my profile information. I give them my URL and, through OAuth, can give them access to just those parts of my private profile and private friends list that I want them to see. OAuth doesn't do that, but FACILITATES the permissions on who can see what.

Just some thoughts :) " -- Stephen Paul Weber

"Personally I thought we'd try to hack OAuth for WordPress into MarsEdit or ecto or other blog editors first, to prove the concept, replacing typical u/p auth with OAuth, so that the behavior is more like a Flickr Uploadr.

Seems to me that this work you're doing now Stephen would allow that, right?

Another idea for possibility #2 is to give out different profile photos for different people or services based on OAuth tokens (or OpenID personas). That way if, say, you're leaving a comment as a person who works for a company, you can leave a picture of yourself in, say, a suit and tie. If, instead, you're leaving a comment on a friend's blog, maybe you use the photo of yourself with the Mai Tai. Etc etc." -- Chris Messina
