Identity Update: Browsers with OpenID?

For about a year I have been pushing OpenID and OAuth as a key component of a large-scale “Social Process” system (see posts here, here, and here). In the past year I have tested these ideas with a project called “Process Leaves”, which is essentially a wiki that supports a couple of non-profit organizations I volunteer with. In order to access the protected content, you must log in with an OpenID. Yet there is still a problem.

REST assured, OAuth security

I have been investigating REST-oriented workflow in a secure environment for the past couple of months. I covered OpenID a few months ago, which is perfect for allowing a kind of single sign-on (SSO) in a Web 2.0 environment without giving any service your password. Signing on to services is important, but how do you get a service to talk to another service without giving one of them your password?