W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2008

OAuth authorization delegation protocol draft submitted

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Mon, 6 Oct 2008 08:21:24 -0700
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <90C41DD21FB7C64BB94121FBBC2E7234127889F263@P3PW5EX1MB01.EX1.SECURESERVER.NET>
The community-based specification OAuth Core 1.0 (http://oauth.net) was recently submitted as an IETF draft (http://tools.ietf.org/html/draft-hammer-oauth-00) for standards track consideration. A BoF is planned for the next IETF meeting in MN. OAuth defines a method to sign (using HMAC or RSA) HTTP requests as well as a workflow for exchanging user credentials for tokens to enable safe access delegation. The protocol has been developed by an open community and in the 10 months since it was declared final, was officially adopted by Google, Yahoo!, Ma.gnolia, Netflix, SmugMug, Pownce, MySpace, and many others.

The intention is to make the necessary adjustments to the specification (such as adding standard error codes and clarifying some of the language) for it to become an internet standard, but to keep it compatible with the growing deployment base.

Feedback would be greatly appreciated.

EHL
Received on Monday, 6 October 2008 15:22:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:56 GMT