OAuth 2.0 and SASL
From IIW
Session: Tuesday Session 1 Space I
Conference: IIW 10 May 17-19, 2009 this is the complete Complete Set of Notes
Convener & Notes-taker(s): Bill Mills
Good discussion about whether this is actually needed given the OpenID/SASL proposal.
- There seem to be different use cases that make both useful.
- A significant difference is the durability of tokens.
- Another is that in the OpenID case delegation is easy, admin@myblog.wrdpress.com being delegated to any domain for authentication for example.
- OpenID really issues one time tokens.
- Discussion of both and what the characteristics of each are.
- Talked through the use cases for each in the context of a Mail server, and found that we really think there are use cases for both.