OAuth's current access dance is based getting a request token that is later exchanged for an access token. Introducing the request token takes what could have been a 4 round trip protocol and makes it into a 6 round trip protocol. Couldn't we just simplify OAuth down to 4 round trips by getting rid of … ∞
I'm writing an enterprise service. A request comes in. Do I honor the request or reject it? Answering this apparently trivial access control question has spawned whole universes of interlocking protocols. Kerberos, Shibboleth, SAML, WS-*, Liberty, OAuth, OpenID and so on. Before I can pick which protocol to use I need to define my requirements. … Posted in Internet Protocols. Use this permalink for a bookmark.
O.k., it's pet peeve time. Otherwise intelligent people seem to get really confused whenever they hear "two phase commit". They immediately assume that if one is using two phase commits then one must be implementing an ACID or at least Atomic transaction. Nonsense! A two phase commit is nothing more than a coordination mechanism. It … Posted in Internet Protocols. Use this permalink for a bookmark.
Our rights only exist to the extent that we defend them in our daily lives. The right to free speech, for example, would quickly drain away if we didn't frequently exercise it and by so doing kept the knowledge of the rights importance and the mechanisms to protect it alive and well. But too often … Posted in Internet Protocols. Use this permalink for a bookmark.