That's a pretty limited view on what OAuth 2.0 is for. EHL
> -----Original Message----- > From: Brian Eaton [mailto:bea...@google.com] > Sent: Tuesday, May 11, 2010 10:53 AM > To: Eran Hammer-Lahav > Cc: Manger, James H; OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] sites with wildcard > > On Tue, May 11, 2010 at 10:49 AM, Eran Hammer-Lahav > <e...@hueniverse.com> wrote: > > This is completely meaningless. > > > > This list is all vendors specific (including OAuth 1.0 which lacks any form > > of > discovery) which means libraries can easily hard-code the sites allowed into > their library. Also, because there really isn't any authentication challenge > involved, there is no issue with unfamiliar servers. > > > > On the other hand, browsers encounter Cookie and Basic authentication > requests all the time, and always with unfamiliar servers. That's the relevant > example. > > Cookies and basic auth are largely irrelevant, because OAuth 2 doesn't need > to replace cookies and basic auth. Cookies and basic auth work *just fine* in > web browsers today. Every vendor participating in this discussion uses > cookies, so I'd say that we have all the standardization we need in that > space. > > OAuth 2 does need to replace all the vendor specific delegation protocols, > though. > > Cheers, > Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
