[Mailman-Developers] SUBMIT and OpenID, was Two more DMARC mitigations
Joshua Cranmer 🐧
Pidgeot18 at gmail.com
Tue Jun 17 16:34:23 CEST 2014
On 6/16/2014 9:28 PM, Stephen J. Turnbull wrote:
> Were we (on dmarc at ietf) talking all along about OpenID when we wrote
> "OAuth"? They're different, although I don't know exactly how or why
> (and neither RFC made obvious mention of the other :-( ).
OAuth calls itself an authorization framework. I like to think of it
personally as a less secure and less well-specified variant of Kerberos.
:-) OpenID in contrast is more of a third-party authentication provider.
It looks like OpenID is repositioning itself to work on top of OAuth 2.0
with OpenID Connect, though.
The problem with OAuth is that a lot of its details are left up to the
whims of the implementor, such as the location of its various endpoints
or even what elements in the query are mandatory. Figuring out how to go
from "email address" to "OAuth bearer token" is currently impossible
without hardcoding a lot of mapping details.
--
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist
More information about the Mailman-Developers
mailing list