May 2010
Two tastes better together: Combining OpenID and OAuth with OpenID Connect
by nhoizey
"making more data available from OpenID users is the first essential step that we must take to regain our footing in the marketplace"
February 2010
June 2009
OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing
by holyver (via)
OAuth, OpenID…they sound like the same thing and they kind of do vaguely similar things. But I’m here to tell you, OAuth is not Open ID. They have a different purpose. I’ve been playing around with OAuth a bit in the past couple weeks and have a grip on what it’s aiming to do and what it’s not aiming to do.
To start with, here’s what OAuth does have in common with Open ID
April 2009
Explaining the OAuth Session Fixation Attack
by nhoizey & 1 other
For everyone involved, this was a first-of-a-kind experience: managing a specification security hole (as opposed to a software bug) in an open specification, with an open community, and no clear governance model. Where do you even begin?
OAuth: 2009.1
by nhoizey
A session fixation attack against the OAuth Request Token approval flow (OAuth Core 1.0 Section 6) has been discovered.
February 2009
January 2009
Official Google Data APIs Blog: Bringing OpenID and OAuth Together
by nhoizey & 2 others
The Hybrid Protocol is a result of the ongoing effort by the OpenID and OAuth communities to make these protocols more useful for users and websites. Google is working together with the OpenID community to standardize the new protocol as a formal OpenID extension.