OAuth authorization delegation protocol draft submitted from Eran Hammer-Lahav on 2008-10-06 (ietf-http-wg@w3.org from October to December 2008)

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Mon, 6 Oct 2008 08:21:24 -0700
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <90C41DD21FB7C64BB94121FBBC2E7234127889F263@P3PW5EX1MB01.EX1.SECURESERVER.NET>

The community-based specification OAuth Core 1.0 (http://oauth.net) was recently submitted as an IETF draft (http://tools.ietf.org/html/draft-hammer-oauth-00) for standards track consideration. A BoF is planned for the next IETF meeting in MN. OAuth defines a method to sign (using HMAC or RSA) HTTP requests as well as a workflow for exchanging user credentials for tokens to enable safe access delegation. The protocol has been developed by an open community and in the 10 months since it was declared final, was officially adopted by Google, Yahoo!, Ma.gnolia, Netflix, SmugMug, Pownce, MySpace, and many others.

The intention is to make the necessary adjustments to the specification (such as adding standard error codes and clarifying some of the language) for it to become an internet standard, but to keep it compatible with the growing deployment base.

Feedback would be greatly appreciated.

EHL

Received on Monday, 6 October 2008 15:22:43 UTC