This just passed across my desk, something called TAuth:
https://blog.teller.io/2016/04/26/tauth.html
Basically, the story is “OAuth is hard, so we made our own thing”.
Unfortunately, the new thing requires mutual TLS, non-expiring tokens, and a
proprietary (as best as I can tell) signature stack. So from my view, it’s
already dead in the water in a few different and complex ways, but I’m sure some
marketing folks will be pushing it around as the alternative to OAuth.
The article above is full of half-truths, like the true statement
“self-contained encrypted tokens can’t be revoked” which leads to “so you
shouldn’t use OAuth if you want fast revocation”.
But if nothing else, things like this should encourage us to finish and publish
PoP.
— Justin
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth