OAuth? ，OpenID?两者都不?我的网站应该支持哪一个? [英] OAuth? ,OpenID? Neither? Which one should my site support?

问题描述

我在一个新网站上工作，希望获得有关OAuth，OpenID，标准网站拥有的用户名/密码的一些建议/反馈.

I working on a new website and wanted some advice/feedback on OAuth vs OpenID vs Standard site owned username/password.

推荐答案

您可能需要阅读

You may want to read this article by Malcom Tredinnick which explains what openid and oauth are, and do. They serve different purposes.

总而言之，openid将用于唯一标识用户-这是一个身份解决方案. oAuth通过允许用户向您的网站授予对外部服务(例如其flickr帐户)的临时访问权限，从而提供了一种与您网站的用户可以访问的数据进行交互的方式.

In summary, openid would be used to uniquely identify users - it's an identity solution. oAuth would provide a means to interact with data that your site's users have access to by allowing the user to grant your site temporary access to external services, their flickr account, for example - it's an authorization tool.

仅提供标准的特定于站点的帐户始终是一种选择，但是恕我直言，支持openid对于您的用户和Web更好.许多实施openid的网站都允许用户使用openid(如果有的话)，但也允许用户登录并创建没有openid的帐户.因此，它不一定是一个/或一个命题.你们两个都可以！

Offering only the standard site-specific account is always an option, of course but IMHO, supporting openid is better for your users and for the web. Many sites that implement openid allow users to use an openid if they have one, but also allow users to sign in and create accounts without openid as well. So, it's not necessarily an either/or proposition. You can do both!

这篇关于OAuth? ，OpenID?两者都不?我的网站应该支持哪一个?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！