身份验证?,OpenID?两者都不?我的网站应该支持哪一种? [英] OAuth? ,OpenID? Neither? Which one should my site support?

问题描述

我在一个新网站上工作，想要一些关于 OAuth、OpenID 和标准网站拥有的用户名/密码的建议/反馈.

I working on a new website and wanted some advice/feedback on OAuth vs OpenID vs Standard site owned username/password.

推荐答案

您可能需要阅读 这篇文章 由 Malcom Tredinnick 解释了 openid 和 oauth 是什么，以及做什么.它们用于不同的目的.

You may want to read this article by Malcom Tredinnick which explains what openid and oauth are, and do. They serve different purposes.

总而言之，openid 将用于唯一标识用户 - 这是一种身份解决方案.oAuth 将提供一种与您网站的用户有权访问的数据进行交互的方法，它允许用户授予您的网站临时访问外部服务的权限，例如他们的 flickr 帐户 - 它是一种授权工具.

In summary, openid would be used to uniquely identify users - it's an identity solution. oAuth would provide a means to interact with data that your site's users have access to by allowing the user to grant your site temporary access to external services, their flickr account, for example - it's an authorization tool.

仅提供标准的站点特定帐户始终是一种选择，当然但恕我直言，支持 openid 对您的用户和网络更好.许多实现 openid 的站点允许用户使用 openid(如果有的话)，但也允许用户在没有 openid 的情况下登录和创建帐户.因此，它不一定是非此即彼的命题.两者都可以！

Offering only the standard site-specific account is always an option, of course but IMHO, supporting openid is better for your users and for the web. Many sites that implement openid allow users to use an openid if they have one, but also allow users to sign in and create accounts without openid as well. So, it's not necessarily an either/or proposition. You can do both!

这篇关于身份验证?,OpenID?两者都不?我的网站应该支持哪一种?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！