OAuth 2.0 and SASL

Session: Tuesday Session 1 Space I

Conference: IIW 10 May 17-19, 2009 this is the complete Complete Set of Notes

Convener & Notes-taker(s): Bill Mills

Good discussion about whether this is actually needed given the OpenID/SASL proposal.
 * There seem to be different use cases that make both useful.
 * A significant difference is the durability of tokens.
 * Another is that in the OpenID case delegation is easy, admin@myblog.wrdpress.com being delegated to any domain for authentication for example.
 * OpenID really issues one time tokens.
 * Discussion of both and what the characteristics of each are.
 * Talked through the use cases for each in the context of a Mail server, and found that we really think there are use cases for both.