OAuth goes final: Here comes the open web

Yesterday the OAuth 1.0 specification was announced as final. This has been brewing for a few months and I’m amazed at the work that Chris and Blaine and the rest of the specification editors that have been working on this.

For those that don’t know, OAuth can best be described from the site itself:

The answer is simple, OAuth attempts to provide a standard way for developers to offer their services via an API without forcing their users to expose their passwords (and other credentials).

The launch of OAuth 1.0 reminds me a lot of the early days of OpenID. A small group of people leading with code and solutions has come together to build a fantastic solution to the API key problem. A light-weight technology that does one thing really, really well. That’s really cool and they did it in record time.

I’ve had quite a few people ask me “Why isn’t this a part of OpenID?” Again, the answer is best explained from the oAuth website:

The answer is simple, OAuth attempts to provide a standard way for developers to offer their services via an API without forcing their users to expose their passwords (and other credentials). If OAuth depended on OpenID, only OpenID services would be able to use it, and while OpenID is great, there are many applications where it is not suitable or desired.

Now, I actually think the two are really complimentary because OpenID doesn’t solve the API key problem. As a matter of fact, it makes it even more difficult. Using OpenID and oAuth together mean we can authenticate via OpenID and hand out oAuth keys to allow out-of-band access for web services or desktop applications. This is fantastic. Now we’re getting some very interesting technologies that are describing the open web.

Congrats to the OAuth crew for getting 1.0 out the door!

About The Author

kveton

Other posts bykveton

Author his web sitehttp://kveton.myvidoop.com

4th

October 2007

6 Comments Add Yours ↓

The upper is the most recent comment

  1. 1

    sounds sweet! now, if I only knew how to program…

  2. 2

    Ack. That spammy URL is not what I meant! I am not as good with these things as I’d like ;)

  3. 3

    Yea, this is great I’ll definitely implement this in my future projects

  4. 4

    Yay indeed!

  5. 5

    Hey Scott, thanks for the post — and for highlighting the complementary aspects of OAuth and OpenID.

    One thing, it’s “OAuth”, not “oAuth”. ;)

  6. 6

    Damnit!!! Fixing ….


2Trackbacks/Pingbacks

  1. oAuth goes final: Here comes the open web 05 10 07
  2. Thomas Huhn: Implementing OAuth means "a small step for developers, but a big step for mankind" ;-) Be assured, we will stand in the first line when it comes to implementing this at our new project http://YoWhassup.com ! 08 10 07

Your Comment

Note: This post is over 2 years old. You may want to check later in this blog to see if there is new information relevant to your comment.

Additional comments powered by BackType