I think this needs serious discussion. Right now we have 35 million accounts, mostly active, that are authenticated using OAUTH2 using a DNS address as the account identifier. That mode is surely going to become the majority use for OAUTH in the future. These are IETF technologies and IETF should be having a say in their use.

I have a social media site I am working on that doesn't have accounts. You use your DNS Handle as per the ATprotocol profile of OAUTH. Which is almost OK only there is this 'plc' registry that needs to be yeeted right out of the spec because it is inserting an unnecessary middleperson into the transaction.

@phill.hallambaker.com should give the OAUTH2 service provider I have picked and the account identifier to authenticate me there. And any service wanting to authenticate me to @phill.hallambaker.com should be able to do that without going through the Blue Sky controlled PLC registry. Yes, I understand that registry plays a role in ATprotocol, but it is irrelevant to authenticating a DNS Handle against an OAUTH2 service.

This whole field has been set back so far because everyone doing 'identity' has to wet their beak. OpenID became how to use an account issued by a narrow cartel of 3 providers to log in anywhere. And one of those providers is the Borg of social media, the competition the rest are trying to survive against. Imagine if users could pick their own OpenID provider, the Borg issue gone, other blogs don't have the same concerns about supporting the competitive threat.

If I could use one OpenID account anywhere at all, it becomes a different solution to the passwords problem. Instead of having to remember 154 passwords (the number in my password manager), I could just have one account, log in each morning. And then for cases where I want to partition my identity, it can authenticate multiple persona IDs against a single account. So I am @phill.hallambaker.com everywhere but the golf site where I am @harry.bagot.freehandles.com. I only log in once a day though.

On Fri, Apr 11, 2025 at 3:20 PM Michael Sweet <msweet= [email protected]> wrote:

> All,
>
> I was wondering whether there was interest in registering OAuth in the
> IANA Service Name and Transport Protocol Port Number Registry [1]? I am
> specifically thinking about using DNS-SD to discover the OAuth Authorization
> Server to use for a given domain, but don't see OAuth or OpenID Connect
> listed in the registry...
>
> Thanks!
>
>
> [1]
> https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
>
> ________________________
> Michael Sweet
>
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
