[Mailman-Developers] SUBMIT and OpenID, was Two more DMARC mitigations

[Barry Warsaw]

On Jun 17, 2014, at 09:34 AM, Joshua Cranmer 🐧 wrote:

>The problem with OAuth is that a lot of its details are left up to the whims
>of the implementor, such as the location of its various endpoints or even
>what elements in the query are mandatory. Figuring out how to go from "email
>address" to "OAuth bearer token" is currently impossible without hardcoding a
>lot of mapping details.

Not to mention that there are lots of OAuth 1.x implementations out there
(client and server), and it's a fairly easy protocol to understand.  At a
Python conference a few years ago I spoke with someone who resigned from the
committee designing OAuth 2 due to lots of problems with the new spec,
essentially ill you could imagine with a designed-by-committee new version.
(In the music biz, we call this the sophomore slump.  Great debut album, but
all the good material got used up. :)

-Barry