Your review and thoughts are welcome: http://framework.zend.com/wiki/pages/viewpage.action?pageId=37957
OAuth Website: http://www.oauth.net

In brief, and quoting from the Overview:

The OAuth protocol reached final draft during October. It is a protocol allowing websites, web applications or desktop applications to access Service Resources via an API without requiring Users to disclose their credentials. It is an open and decentralised protocol.

A simple use case would be Twitter. At present, Twitter applications such as Spaz.air or Twitterer require a User's login username and password (their credentials) in order to access the timeline of other Users they are following or send updates (tweets). This raises a risk that such applications may use those credentials to change the User's password, send "tweets" without their permission, or perform other unauthorised actions. Implementing OAuth, such an application would be able to perform limited authorised actions without requiring Users to disclose their credentials. In effect, this is similar to establishing an API Key and indeed OAuth builds upon existing standards to reach an acceptable open standard.

OAuth is therefore perfect also in situations where a Service Provider is not aware of a User's credentials, as is the case when a Provider implements OpenID. In OpenID, credentials are centralised to a single OpenID Provider and implementing Consumers will require an alternate means of allowing authenticated Users to access their Service Resources via an API. OAuth is not an OpenID extension, but does complement it.

Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com
OpenID Europe Foundation Member-Subscriber
