> > The only thing lacking is a base of authentication service providers that > are willing to give users control.
As someone who works for one of those "authentication service providers", what exactly would we need to support that we don't already? On Tue, Jan 21, 2025 at 8:35 PM Phillip Hallam-Baker <ph...@hallambaker.com> wrote: > On Tue, Jan 21, 2025 at 2:20 PM Warren Parad <wpa...@rhosys.ch> wrote: > >> I think you are still describing exactly what OAuth does, also FedCM >> helps a lot there, and I hate to say it but if this is the argument: >> > > That is exactly what I am saying: OAuth solved the problem a decade ago > and nobody noticed. > > The challenge now is to get people to notice and get the wider web to > realize that there is a better approach. > > Back in 1992, Tim Berners-Lee submitted a paper on the World Wide Web to > the Hypertext conference. It was rejected because there was 'nothing new'. > In 1993, they asked him to give the conference keynote. > > The 'innovation' in the Web was limited to removing search and referential > transparency from the document server. What that means is you can find > stuff and the links don't break. Ted Nelson considered those features > absolutely essential but they were an enormous burden on the services. > > > As someone who wants to allow people to comment on my personal blog, using > OAuth with DNS handles removes a huge amount of overhead: > > * Registering usernames and passwords. > * Verifying passwords. > * Verifying recovery email addresses. > * Account recovery. > > This approach is a win for users and a win for Web site maintainers. The > only thing lacking is a base of authentication service providers that are > willing to give users control. > >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
