OAuth authorization delegation protocol draft submitted

The community-based specification OAuth Core 1.0 (http://oauth.net) was recently submitted as an IETF draft (http://tools.ietf.org/html/draft-hammer-oauth-00) for standards track consideration. A BoF is planned for the next IETF meeting in MN. OAuth defines a method to sign (using HMAC or RSA) HTTP requests as well as a workflow for exchanging user credentials for tokens to enable safe access delegation. The protocol has been developed by an open community and in the 10 months since it was declared final, was officially adopted by Google, Yahoo!, Ma.gnolia, Netflix, SmugMug, Pownce, MySpace, and many others.

The intention is to make the necessary adjustments to the specification (such as adding standard error codes and clarifying some of the language) for it to become an internet standard, but to keep it compatible with the growing deployment base.

Feedback would be greatly appreciated.


Received on Monday, 6 October 2008 15:22:43 UTC