[projectvrm] OAuth has ruined everything

[Adrian Gropper < >]

There's much to like about this post but the problem is social login, not just OAuth. I don't want either Google or Facebook or even Twitter to track me and my attributes. Call me 'old fashioned'.

Andrew Hughes just pointed the UMA folks to http://www.nist.gov/itl/acd/ncce/20151022privacy.cfm I haven't read the NIST white paper https://nccoe.nist.gov/sites/default/files/nccoe/Privacy_Enhanced_Identity_Brokers_Building_Block_WP.pdf yet, but I suspect there would be mention of triple-blind tech and ways of managing attributes without sharing them with Facebook or Google.

My goal is to leave the ID problem to others and fix the authorization part OAuth by making a strictly personal, and therefore generic, UMA authorization server as a reference implementation. This doesn't directly solve the complexity of either OAuth or UMA but it does introduce a piece of strictly personal technology for everyone to test against.

Adrian

On Friday, October 23, 2015, Coach < ');" target="_blank"> > wrote:

for your reading amusement:
http://developer.telerik.com/featured/oauth-has-ruined-everything/

  j.

--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/