OAuth Discovery 1.0 published
This just in from the my-lord-these-guys-are-fast department we have word that OAuth Discovery 1.0 specification has just been published. OAuth is yet another building block that will be critical for the open web. Okay, so what’s the big deal?
OAuth Discovery 1.0 uses the XRDS format coupled with Yadis to do the actual work. I know what you’re thinking; more stinkin’ acronyms you need to remember. No, no … its not like that. I swear, this is a good thing. XRDS and Yadis are used with another well-known protocol: OpenID.
OpenID 1.1 and newer have used Yadis for service discovery but unfortunately there hasn’t been anything to discover other than “hey, your OpenID provider is here!”. Most of the big OpenID providers support Yadis discovery and these are the same folks in the conversation about supporting OAuth as well. With OAuth Discovery using the same mechanisms for discovery as OpenID, you could now land your OAuth credentials on your OpenID provider and have it handle the discovery for that as well. Alright, let me break it down like a fraction for ya … :-):
The geek of all of this is that your OpenID is an end-point that you (and only you) own. Being able to do discovery on things this end-point can do (like “who proves who you are?”, “how do you authenticate with OAuth”, etc) means other sites can take advantage of you proving who you are to do ever cooler things. OAuth is just one more thing you can do at this end-point (and reality, one of the first “cool” things other than the actual OpenID authentication).
What does the future hold? Imagine being able to use discovery to find other services. What if I could use the discovery services to tell other sites where I get my social network from? Where and how people can attach to my public and private feeds? Information on who is providing my authoritative activity stream? It all could all land at these end-points and give sites lots of valuable information about the user while keeping that user in complete control.
I’m really excited about what OAuth means and the fact that they are using the other building blocks to make it a reality. All of these tools are coming together to build the applications we’ve all been talking about for years. Portable social networking is just around the corner and with it will come the reality that social networking isn’t something you go to a site to do; its something you’ll do on every site.
Good news Scott… I have a meeting tomorrow with participants which have many questions about Oauth. The Oauth Buzz is starting in Europe! :) All the best.