Eran,
Excellent write-up. Couple of quick points:
a) Instead of another "easy-to-read" specification document
of some kind, might be easier to write an OAuth Primer (similar to what
W3C does). The document can have a section on "Lessons learned from
implementations". Naturally all of these will get folded into the RFC.
b) You had mentioned lack of good open source libraries. I
agree that it is important to have good libraries. Which libraries do
need work? Is there a list of tasks or some sort of pointers? If we
have a Wiki page and a list of work to be done - even at a very high
granular level - then it will make it easier for folks to pitch in as
time permits.
c) BTW, moving to IETF is very good. A standard under a
well-accepted body like IETF makes it easier for corporations to adopt.
In the process, we also get visibility from the security community plus
a deliberate-systemic approach for growth.
Cheers
<k/>
|-----Original Message-----
|From: [email protected] [mailto:[email protected]] On Behalf
|Of Eran Hammer-Lahav
|Sent: Monday, March 02, 2009 8:42 AM
|To: [email protected]
|Cc: [email protected]
|Subject: [oauth] FYI: State of the (OAuth) Union
|
|
|http://www.hueniverse.com/hueniverse/2009/03/state-of-the-oauth-union.html
|
|OAuth Core 1.0 was declared as final specification almost a year and a
|half ago. The overall reception was incredible with almost overnight
|adoption from major web players like Google, Yahoo, and MySpace. We even
|got the attention of the major internet standard bodies, approaching us,
|some officially, some less so, to bring the work over. It has been a
|good year for community-driven specifications with OAuth leading the
|charge.
|
|During the past year, we've also seen a lot of new ideas and new
|requirements coming up. Most people are not aware that there are about
|15 proposed extensions for OAuth covering a wide range of topics. There
|is also a lot of confusion regarding what is going on with the
|specification, how extensions should be proposed (and made "official"),
|and recent announcements.
|
|This post will try to answer some of the questions I receive from people
|on a daily basis. If you care about OAuth, implemented it or plan to, or
|have any dependency on the specification, technology, or community, this
|should be a helpful read. If I missed an important question, please let
|me know in the comments.
|
| * What's Up?
| * What is the Status of OAuth Core 1.0?
| * Is there a New Version Coming?
| * What is Being Done to Make the Current Specification Easier to Read?
| * Is OAuth Moving to the IETF?
| * Why the IETF?
| * Why does the IETF want OAuth?
| * Who Made You In Charge (to Bring OAuth to the IETF)?
| * Why isn't the Current Specification Good Enough? Why Seek a Standard?
| * OAuth doesn't Address My Use Case, How can I Extend it?
| * Any Upcoming OAuth Events?
|
|EHL
|
|