Thanks guys for following up on the discussion.
If I summary, replacing Mnet has for goals:
* obtaining maintainable/expendable code => using more standard methods / common concepts to developers for the authentication and authorisation process.
* make it more easy to set it up for the administrators.
The idea of using Oauth2 as an authentication protocol is that:
- it is easy for a developer to implement an Oauth2 client.
- it is a popular authentication/authorisation system
- it's still in draft, and sometimes described as a mess (Eran Hammer's blog post), but from my point of view it does not matter. We just need to do it the Google or Facebook way. Most client developers will be happy with that. Google already deprecated Oauth1 for Oauth2, forcing developers to know about their Oauth2 implementation.
For the Mnet authorisation parts (enrolments in external courses, list of courses... TBD):
I thought using web services, so using temporary tokens from Oauth2. But with OpenID, the provider could also generate a token during the authentication process.
After reading Hubert comments, I don't see any issue using the couple OpenID/Moodle web service to replace Mnet. As I don't see much more issues with Oauth2.
I think, for the authentication part, we should evaluate:
* how easy is the authentication provider to implement/maintain (knowing that for OpenID there are written plugins...)
* how easy are the clients to implement
* how easy is the authorisation part to implement/maintain
* how easy is the administration process (in Moodle)
I'll start writing a doc. for Mnet replacement.