OAuth 2.0 and SASL
Session: Tuesday Session 1 Space I
Convener & Notes-taker(s): Bill Mills
Good discussion about whether this is actually needed given the OpenID/SASL proposal.
- There seem to be different use cases that make both useful.
- A significant difference is the durability of tokens.
- Another is that in the OpenID case delegation is easy, email@example.com being delegated to any domain for authentication for example.
- OpenID really issues one time tokens.
- Discussion of both and what the characteristics of each are.
- Talked through the use cases for each in the context of a Mail server, and found that we really think there are use cases for both.