OAuth 2.0 and SASL

From IIW

Session: Tuesday Session 1 Space I

Conference: IIW 10 May 17-19, 2009 this is the complete Complete Set of Notes

Convener & Notes-taker(s): Bill Mills

Good discussion about whether this is actually needed given the OpenID/SASL proposal.

  • There seem to be different use cases that make both useful.
    • A significant difference is the durability of tokens.
    • Another is that in the OpenID case delegation is easy, admin@myblog.wrdpress.com being delegated to any domain for authentication for example.
    •    OpenID really issues one time tokens.

  • Discussion of both and what the characteristics of each are.

  •  Talked through the use cases for each in the context of a Mail server, and found that we really think there are use cases for both.