Active
Recommended by specifications council and approved by the general membership.
Latest spec:
OpenID has always been focused on how to enable user-authentication within the browser. Over the last year, OAuth has been developed to allow authorization either from within a browser, desktop software, or mobile devices. Obviously there has been interest in using OpenID and OAuth together allowing a user to share their identity as well as grant a Relying Party access to an OAuth protected resource in a single step. A small group of people have been working on developing an extension to OpenID which makes this possible in a collaborative fashion within http://code.google.com/p/step2/. This small project includes a draft spec and Open Source implementations which the proposers would like to finalize within the OpenID Foundation.
OpenID OAuth Hybrid Working Group
Produce a standard OpenID extension to the OpenID Authentication protocol that provides a mechanism to embed an OAuth approval request into an OpenID authentication request to permit combined user approval. The extension addresses the use case where the OpenID Provider and OAuth Service Provider are the same service. To provide good user experience, it is important to present a combined authentication and authorization screen for the two protocols.
The proposed work is as follows:
Finalize the OpenID OAuth Extension spec (http://step2.googlecode.com/svn/spec/openid_oauth_extension/latest/openid_oauth_extension.html) as an official OpenID Extension.
OpenID OAuth Extension 1.0. Specification completion by Q1 2009.
English.
E-mail discussions on the working group mailing list and working group conference calls.
The work will be completed once it is apparent that maximal consensus on the protocol proposal has been achieved within the working group, consistent with the purpose and scope.