Can OpenID be used for API Authentication?
Jack Dorsey and Alex Payne stated that Twitter is working on adopting OpenID, however they still see some significant hurdles. In an interview with Geoffrey Grosenbach for the Ruby on Rails Podcast, Dorsey and Payne state that they believe that OpenID is a bad fit for developer APIs that require a unique key or a username and password to authenticate with the web service. Can OpenID be adopted in such a case? Could an asymmetric relationship be created between an artifact, in this case a program, and its author? Can this relationship then be authenticated by a third party, in this case, Twitter, the web service provider? I’m still very green when it comes to OpenID, but I’m wondering if there are any provisions for asymmetric links, one-offs, third party authentication, or whatever it should be called in the OpenID standard? I’m hoping to start a discussion here, so please hit the comments section as hard as you can!
Here’s what I’ve found so far:
- Les Orchard has an open discussion about using OpenID in a blog comment proxy.
- Obviously the current OpenID specification
The answer to this appears to be OAuth. http://oauth.net/
Said by seanosteen January 6, 2008 at about 10:04 pm