Re: [oauth] Is OAuth death?
Thanks for your input Nate. To the questions others had below earlier I was wondering whether it is known that the IETF tools page shows the current status of all documents. Here is the link: http://datatracker.ietf.org/wg/oauth/ So, for draft-ietf-oauth-v2-31 it says that it is with the RFC Editor. The RFC Editor reads through the documents and corrects editorial bugs. On Sep 25, 2012, at 9:48 PM, Nate Ferrero wrote: Just a note from the perspective of someone who just created an OAuth provider library for my company. OAuth 2 allows for relatively high security (tokens expire every hour for us, and no client secret is passed to the front end). I think people should just start implementing it in a limited way to satisfy their needs. On Thursday, August 2, 2012 10:11:49 PM UTC-7, =nat wrote: There is one glitch to be sort out: the mime type for form encoding is not IANA registered. It should be registered by W3C. However, I expect it to be sort out pretty quickly. Hannes, do you have any comment? Nat On Thu, Aug 2, 2012 at 10:55 AM, Steven WIllmott ste...@gmail.com wrote: Hi Nat, Yes, indeed - just saw that on twitter, after sending the below. That's good news - do you know what the expectation is for finalization? thanks and all the best, steve. On Aug 1, 2012, at 11:42 PM, Nat Sakimura wrote: Hi Steve, Actually, the OAuth 2.0 Core and Bearer specs were approved by IESG to be sent to RFC Editor as of today. That means, it is essentially done. Nat On Wed, Aug 1, 2012 at 3:02 PM, Steven WIllmott ste...@gmail.com wrote: Hi Hannes, Thanks for your answer - I can definitely understand the sentiments and of course as you mentioned before there is more than one side of the story and this absolutely isn't one person's decision! Also maybe official statements are not appropriate / possible but I would ask (and I think a lot of people would): 1. Will the IETF group complete the process and still finalize a full specification as forseen? (and in the timeframe forseen - I think the charter runs to 2013 if I'm not wrong. 2. Will there be any activity which takes on board / responds to some of the points made by Eran? (Note I'm not saying there is an obligation - just that it feels like some acknowledgement would make sense and a idea that the comments had been received and considered (or not)). You stated that Eran would disagree - which may be true of course, but I don't think this is a reason not to make statements. I guess what I'm trying to say above all is that people will be trying to make decisions about adoption and it would be helpful to have a forward looking statement from the IETF group as to where things are headed. Even if this is not at all in doubt for the group, it might be when seen from the outside. Don't know if that makes some kind of sense. steve. On Aug 1, 2012, at 2:42 PM, Hannes Tschofenig wrote: Hi Steven, I don't think there will be a formal response and here are the reasons: a) the press does not seem to be interested to spend time looking at details since otherwise they would have at least gotten more input prior to post their stories. They did, however, only copy text from Eran's blog post. b) Eran is not likely to agree with us regardless of what we write. He did not care about the views of others during the past few years either. c) Those who had worked on an implementation and deployed OAuth 2.0 do not need any formal response from us. They have already experienced OAuth 2.0 and they, as many posts confirm, do not find it complicated to implement nor to deploy. d) Those who are thinking about using OAuth 2.0 need to think what they are trying to accomplish. Those trying to write their own OAuth 2.0 library will have to read through the specification. There is no way around it. Application developers, who are just using OAuth, will have to think about their use case. For example, if you want to write an application that uses Facebook then you will have to look at their SDK. For all the others who are creating their own application deployment (like a site that offers access to a protected resource) I suggest to re-use one of the existing libraries (instead of implementing OAuth from scratch). For this group I doubt they are interested in any standardization related discussion. I hope that this makes sense to you. If you have any recommendations of what guidance developers would like to see I am sure we can put some information together. Ciao Hannes On Jul 29, 2012, at 4:31 PM, Steven WIllmott wrote: Hi Hannes, Do you think there will some sort of (semi?)formal response from the IETF group? I can understand that they might not want to, but some of the points made seem salient, the problem is/will become what recommendations go out to
Re: [oauth] Is OAuth death?
Hi Steve, Actually, the OAuth 2.0 Core and Bearer specs were approved by IESG to be sent to RFC Editor as of today. That means, it is essentially done. Nat On Wed, Aug 1, 2012 at 3:02 PM, Steven WIllmott stev...@gmail.com wrote: Hi Hannes, Thanks for your answer - I can definitely understand the sentiments and of course as you mentioned before there is more than one side of the story and this absolutely isn't one person's decision! Also maybe official statements are not appropriate / possible but I would ask (and I think a lot of people would): 1. Will the IETF group complete the process and still finalize a full specification as forseen? (and in the timeframe forseen - I think the charter runs to 2013 if I'm not wrong. 2. Will there be any activity which takes on board / responds to some of the points made by Eran? (Note I'm not saying there is an obligation - just that it feels like some acknowledgement would make sense and a idea that the comments had been received and considered (or not)). You stated that Eran would disagree - which may be true of course, but I don't think this is a reason not to make statements. I guess what I'm trying to say above all is that people will be trying to make decisions about adoption and it would be helpful to have a forward looking statement from the IETF group as to where things are headed. Even if this is not at all in doubt for the group, it might be when seen from the outside. Don't know if that makes some kind of sense. steve. On Aug 1, 2012, at 2:42 PM, Hannes Tschofenig wrote: Hi Steven, I don't think there will be a formal response and here are the reasons: a) the press does not seem to be interested to spend time looking at details since otherwise they would have at least gotten more input prior to post their stories. They did, however, only copy text from Eran's blog post. b) Eran is not likely to agree with us regardless of what we write. He did not care about the views of others during the past few years either. c) Those who had worked on an implementation and deployed OAuth 2.0 do not need any formal response from us. They have already experienced OAuth 2.0 and they, as many posts confirm, do not find it complicated to implement nor to deploy. d) Those who are thinking about using OAuth 2.0 need to think what they are trying to accomplish. Those trying to write their own OAuth 2.0 library will have to read through the specification. There is no way around it. Application developers, who are just using OAuth, will have to think about their use case. For example, if you want to write an application that uses Facebook then you will have to look at their SDK. For all the others who are creating their own application deployment (like a site that offers access to a protected resource) I suggest to re-use one of the existing libraries (instead of implementing OAuth from scratch). For this group I doubt they are interested in any standardization related discussion. I hope that this makes sense to you. If you have any recommendations of what guidance developers would like to see I am sure we can put some information together. Ciao Hannes On Jul 29, 2012, at 4:31 PM, Steven WIllmott wrote: Hi Hannes, Do you think there will some sort of (semi?)formal response from the IETF group? I can understand that they might not want to, but some of the points made seem salient, the problem is/will become what recommendations go out to people what to implement. We get that question very regularly from users, so we have our thinking caps on at the moment. steve. On Jul 29, 2012, at 2:59 PM, Hannes Tschofenig wrote: Thanks for sharing your views, Steve. I agree with your statements below and it would indeed be strange if Eran gets to decide that a technology dies (that is already widely implemented and deployed). I would have liked to get the specification finished earlier myself and, funny enough, Eran is also responsible for the delay (although not the only person). On Jul 29, 2012, at 2:38 PM, Steven WIllmott wrote: I certainly don't think it's dead - Eran makes some important points and the current 2.0 spec has certainly dragged a long time to get final. The biggest concern is fragmentation between implementations - the suggestion of using a concrete instantiation (e.g. Facebook) only take you so far. The IETF group is still a legitimate body, with a legitimate process - however given the nature of the criticisms and who they come from, I'd hope someone from that group steps forward and outlines a response and -- for the legitimate comments perhaps an evolutionary path. There are also some other potential efforts to monkey patch oAuth 1.0a - eg. see: http://news.ycombinator.com/item?id=4294959, but who knows where these will go. I wouldn't call oAuth dead - it's the best pattern we have for this
Re: [oauth] Is OAuth death?
Hi Nat, Yes, indeed - just saw that on twitter, after sending the below. That's good news - do you know what the expectation is for finalization? thanks and all the best, steve. On Aug 1, 2012, at 11:42 PM, Nat Sakimura wrote: Hi Steve, Actually, the OAuth 2.0 Core and Bearer specs were approved by IESG to be sent to RFC Editor as of today. That means, it is essentially done. Nat On Wed, Aug 1, 2012 at 3:02 PM, Steven WIllmott stev...@gmail.com wrote: Hi Hannes, Thanks for your answer - I can definitely understand the sentiments and of course as you mentioned before there is more than one side of the story and this absolutely isn't one person's decision! Also maybe official statements are not appropriate / possible but I would ask (and I think a lot of people would): 1. Will the IETF group complete the process and still finalize a full specification as forseen? (and in the timeframe forseen - I think the charter runs to 2013 if I'm not wrong. 2. Will there be any activity which takes on board / responds to some of the points made by Eran? (Note I'm not saying there is an obligation - just that it feels like some acknowledgement would make sense and a idea that the comments had been received and considered (or not)). You stated that Eran would disagree - which may be true of course, but I don't think this is a reason not to make statements. I guess what I'm trying to say above all is that people will be trying to make decisions about adoption and it would be helpful to have a forward looking statement from the IETF group as to where things are headed. Even if this is not at all in doubt for the group, it might be when seen from the outside. Don't know if that makes some kind of sense. steve. On Aug 1, 2012, at 2:42 PM, Hannes Tschofenig wrote: Hi Steven, I don't think there will be a formal response and here are the reasons: a) the press does not seem to be interested to spend time looking at details since otherwise they would have at least gotten more input prior to post their stories. They did, however, only copy text from Eran's blog post. b) Eran is not likely to agree with us regardless of what we write. He did not care about the views of others during the past few years either. c) Those who had worked on an implementation and deployed OAuth 2.0 do not need any formal response from us. They have already experienced OAuth 2.0 and they, as many posts confirm, do not find it complicated to implement nor to deploy. d) Those who are thinking about using OAuth 2.0 need to think what they are trying to accomplish. Those trying to write their own OAuth 2.0 library will have to read through the specification. There is no way around it. Application developers, who are just using OAuth, will have to think about their use case. For example, if you want to write an application that uses Facebook then you will have to look at their SDK. For all the others who are creating their own application deployment (like a site that offers access to a protected resource) I suggest to re-use one of the existing libraries (instead of implementing OAuth from scratch). For this group I doubt they are interested in any standardization related discussion. I hope that this makes sense to you. If you have any recommendations of what guidance developers would like to see I am sure we can put some information together. Ciao Hannes On Jul 29, 2012, at 4:31 PM, Steven WIllmott wrote: Hi Hannes, Do you think there will some sort of (semi?)formal response from the IETF group? I can understand that they might not want to, but some of the points made seem salient, the problem is/will become what recommendations go out to people what to implement. We get that question very regularly from users, so we have our thinking caps on at the moment. steve. On Jul 29, 2012, at 2:59 PM, Hannes Tschofenig wrote: Thanks for sharing your views, Steve. I agree with your statements below and it would indeed be strange if Eran gets to decide that a technology dies (that is already widely implemented and deployed). I would have liked to get the specification finished earlier myself and, funny enough, Eran is also responsible for the delay (although not the only person). On Jul 29, 2012, at 2:38 PM, Steven WIllmott wrote: I certainly don't think it's dead - Eran makes some important points and the current 2.0 spec has certainly dragged a long time to get final. The biggest concern is fragmentation between implementations - the suggestion of using a concrete instantiation (e.g. Facebook) only take you so far. The IETF group is still a legitimate body, with a legitimate process - however given the nature of the criticisms and who they come from, I'd hope someone from that group steps forward
Re: [oauth] Is OAuth death?
There is one glitch to be sort out: the mime type for form encoding is not IANA registered. It should be registered by W3C. However, I expect it to be sort out pretty quickly. Hannes, do you have any comment? Nat On Thu, Aug 2, 2012 at 10:55 AM, Steven WIllmott stev...@gmail.com wrote: Hi Nat, Yes, indeed - just saw that on twitter, after sending the below. That's good news - do you know what the expectation is for finalization? thanks and all the best, steve. On Aug 1, 2012, at 11:42 PM, Nat Sakimura wrote: Hi Steve, Actually, the OAuth 2.0 Core and Bearer specs were approved by IESG to be sent to RFC Editor as of today. That means, it is essentially done. Nat On Wed, Aug 1, 2012 at 3:02 PM, Steven WIllmott stev...@gmail.com wrote: Hi Hannes, Thanks for your answer - I can definitely understand the sentiments and of course as you mentioned before there is more than one side of the story and this absolutely isn't one person's decision! Also maybe official statements are not appropriate / possible but I would ask (and I think a lot of people would): 1. Will the IETF group complete the process and still finalize a full specification as forseen? (and in the timeframe forseen - I think the charter runs to 2013 if I'm not wrong. 2. Will there be any activity which takes on board / responds to some of the points made by Eran? (Note I'm not saying there is an obligation - just that it feels like some acknowledgement would make sense and a idea that the comments had been received and considered (or not)). You stated that Eran would disagree - which may be true of course, but I don't think this is a reason not to make statements. I guess what I'm trying to say above all is that people will be trying to make decisions about adoption and it would be helpful to have a forward looking statement from the IETF group as to where things are headed. Even if this is not at all in doubt for the group, it might be when seen from the outside. Don't know if that makes some kind of sense. steve. On Aug 1, 2012, at 2:42 PM, Hannes Tschofenig wrote: Hi Steven, I don't think there will be a formal response and here are the reasons: a) the press does not seem to be interested to spend time looking at details since otherwise they would have at least gotten more input prior to post their stories. They did, however, only copy text from Eran's blog post. b) Eran is not likely to agree with us regardless of what we write. He did not care about the views of others during the past few years either. c) Those who had worked on an implementation and deployed OAuth 2.0 do not need any formal response from us. They have already experienced OAuth 2.0 and they, as many posts confirm, do not find it complicated to implement nor to deploy. d) Those who are thinking about using OAuth 2.0 need to think what they are trying to accomplish. Those trying to write their own OAuth 2.0 library will have to read through the specification. There is no way around it. Application developers, who are just using OAuth, will have to think about their use case. For example, if you want to write an application that uses Facebook then you will have to look at their SDK. For all the others who are creating their own application deployment (like a site that offers access to a protected resource) I suggest to re-use one of the existing libraries (instead of implementing OAuth from scratch). For this group I doubt they are interested in any standardization related discussion. I hope that this makes sense to you. If you have any recommendations of what guidance developers would like to see I am sure we can put some information together. Ciao Hannes On Jul 29, 2012, at 4:31 PM, Steven WIllmott wrote: Hi Hannes, Do you think there will some sort of (semi?)formal response from the IETF group? I can understand that they might not want to, but some of the points made seem salient, the problem is/will become what recommendations go out to people what to implement. We get that question very regularly from users, so we have our thinking caps on at the moment. steve. On Jul 29, 2012, at 2:59 PM, Hannes Tschofenig wrote: Thanks for sharing your views, Steve. I agree with your statements below and it would indeed be strange if Eran gets to decide that a technology dies (that is already widely implemented and deployed). I would have liked to get the specification finished earlier myself and, funny enough, Eran is also responsible for the delay (although not the only person). On Jul 29, 2012, at 2:38 PM, Steven WIllmott wrote: I certainly don't think it's dead - Eran makes some important points and the current 2.0 spec has certainly dragged a long time to get final. The biggest concern is fragmentation between implementations - the suggestion of using a concrete instantiation (e.g. Facebook) only take
Re: [oauth] Is OAuth death?
OAuth 2.0 and the Road to Hell: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/ 2012/4/15 Hannes Tschofenig hannes.tschofe...@gmx.net You can subscribe to the IETF OAuth mailing list here: http://datatracker.ietf.org/wg/oauth/charter/ (On the left side you can find the links to the subscribe page as well as to the archive. If you look at the archive at http://www.ietf.org/mail-archive/web/oauth/current/maillist.html you will notice that there are a few mails since May 2009...) On Mar 21, 2012, at 11:06 AM, André Fiedler wrote: Ok, many thanks for your answers. So I will build upon OAuth (OAuth Provider) and hope this is the right step. 2012/3/21 Nat Sakimura sakim...@gmail.com So it has moved on to IETF from oauth.org. Google, Facebook among others have been implementing OAuth 2.0 various revisions to this date. OAuth 2.0 in IETF is near its completion. Best, Nat On Tue, Mar 20, 2012 at 4:16 AM, SunboX fiedler.an...@googlemail.com wrote: Last Blog-Post on oauth.net is from may 2009. All php libraries are sleeping since one year (http://code.google.com/p/oauth-php/source/ list). Who did see OAuth 2.0 somewhere? Is OAuth death? -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
Re: [oauth] Is OAuth death?
Thanks for sharing your views, Steve. I agree with your statements below and it would indeed be strange if Eran gets to decide that a technology dies (that is already widely implemented and deployed). I would have liked to get the specification finished earlier myself and, funny enough, Eran is also responsible for the delay (although not the only person). On Jul 29, 2012, at 2:38 PM, Steven WIllmott wrote: I certainly don't think it's dead - Eran makes some important points and the current 2.0 spec has certainly dragged a long time to get final. The biggest concern is fragmentation between implementations - the suggestion of using a concrete instantiation (e.g. Facebook) only take you so far. The IETF group is still a legitimate body, with a legitimate process - however given the nature of the criticisms and who they come from, I'd hope someone from that group steps forward and outlines a response and -- for the legitimate comments perhaps an evolutionary path. There are also some other potential efforts to monkey patch oAuth 1.0a - eg. see: http://news.ycombinator.com/item?id=4294959, but who knows where these will go. I wouldn't call oAuth dead - it's the best pattern we have for this kind of thing, but there's certainly a danger of fragmentation right now. steve. On Jul 29, 2012, at 6:24 AM, André Fiedler wrote: OAuth 2.0 and the Road to Hell: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/ 2012/4/15 Hannes Tschofenig hannes.tschofe...@gmx.net You can subscribe to the IETF OAuth mailing list here: http://datatracker.ietf.org/wg/oauth/charter/ (On the left side you can find the links to the subscribe page as well as to the archive. If you look at the archive at http://www.ietf.org/mail-archive/web/oauth/current/maillist.html you will notice that there are a few mails since May 2009...) On Mar 21, 2012, at 11:06 AM, André Fiedler wrote: Ok, many thanks for your answers. So I will build upon OAuth (OAuth Provider) and hope this is the right step. 2012/3/21 Nat Sakimura sakim...@gmail.com So it has moved on to IETF from oauth.org. Google, Facebook among others have been implementing OAuth 2.0 various revisions to this date. OAuth 2.0 in IETF is near its completion. Best, Nat On Tue, Mar 20, 2012 at 4:16 AM, SunboX fiedler.an...@googlemail.com wrote: Last Blog-Post on oauth.net is from may 2009. All php libraries are sleeping since one year (http://code.google.com/p/oauth-php/source/ list). Who did see OAuth 2.0 somewhere? Is OAuth death? -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this
Re: [oauth] Is OAuth death?
You can subscribe to the IETF OAuth mailing list here: http://datatracker.ietf.org/wg/oauth/charter/ (On the left side you can find the links to the subscribe page as well as to the archive. If you look at the archive at http://www.ietf.org/mail-archive/web/oauth/current/maillist.html you will notice that there are a few mails since May 2009...) On Mar 21, 2012, at 11:06 AM, André Fiedler wrote: Ok, many thanks for your answers. So I will build upon OAuth (OAuth Provider) and hope this is the right step. 2012/3/21 Nat Sakimura sakim...@gmail.com So it has moved on to IETF from oauth.org. Google, Facebook among others have been implementing OAuth 2.0 various revisions to this date. OAuth 2.0 in IETF is near its completion. Best, Nat On Tue, Mar 20, 2012 at 4:16 AM, SunboX fiedler.an...@googlemail.com wrote: Last Blog-Post on oauth.net is from may 2009. All php libraries are sleeping since one year (http://code.google.com/p/oauth-php/source/ list). Who did see OAuth 2.0 somewhere? Is OAuth death? -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
Re: [oauth] Is OAuth death?
So it has moved on to IETF from oauth.org. Google, Facebook among others have been implementing OAuth 2.0 various revisions to this date. OAuth 2.0 in IETF is near its completion. Best, Nat On Tue, Mar 20, 2012 at 4:16 AM, SunboX fiedler.an...@googlemail.comwrote: Last Blog-Post on oauth.net is from may 2009. All php libraries are sleeping since one year (http://code.google.com/p/oauth-php/source/ list). Who did see OAuth 2.0 somewhere? Is OAuth death? -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
