I've done a little bit of digging into OAuth, and I was thinking about how it could compare and work with the W3C's Access Control spec.
AC specifies a static mechanism so that one domain can grant another domain access to specific domain- and URI-identified resources in the browser. In contrast, OAuth specifies a mechanism so that a user can grant one domain access to protected resources.
These are very different specs but perhaps they ought to be aligned? I have a few ideas about that, and I'm sure there are a lot of others.
Any reason why the W3C might not just move to adopt what we've done with OAuth? I mean, what other use cases does their spec afford that OAuth does not? And why reinvent the wheel when OAuth is based on what the leading technology vendors were already doing?