Interesting critique of OAuth by one of its creators

Eran Hammer has published a detailed critique of OAuth at [1]. Well worth 
reading for anyone interested in Web authentication. His conclusion:

"If you're looking to implement authorization for your website, I recommend 
sticking with well understood secure designs, such as HTTP Basic 
Authentication over SSL/TLS (or HTTP Digest Authentication)."

He then goes on to suggest more elaborate schemes for cases in which access 
to third-party software is desired.

BTW: the above is by way of Slashdot [2].

Noah

[1] http://insanecoding.blogspot.com/2013/03/oauth-great-way-to-cripple-your-api.html
[2] http://tech.slashdot.org/story/13/03/22/1439235/a-truckload-of-oauth-issues-that-would-make-any-author-quit

Received on Friday, 22 March 2013 15:31:34 UTC
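The quoted recommendation is HTTP Basic Authentication over TLS. As an added illustration of what a minimal server-side check for that looks like (example code written for this page, not code from the email, from the linked blog post, or from Eran Hammer), the block below parses the Authorization header, refuses to evaluate credentials on a non-TLS request, and compares a salted PBKDF2 hash in constant time. The `request_is_tls` flag, the `USERS` store, the hashed-at-rest password storage and the iteration count are all assumptions of this example; the email says nothing about them.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumption for this example: passwords are stored as (salt, PBKDF2-HMAC-SHA256)
# rather than in cleartext. The iteration count is kept modest so the example
# runs quickly; production values should be higher.
_PBKDF2_ITERATIONS = 200_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _PBKDF2_ITERATIONS)


def make_user_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)


# Constructed credential store for the example (username -> (salt, hash)).
USERS = {"alice": make_user_record("correct horse battery staple")}


def basic_header(user: str, password: str) -> str:
    """Build the header value a client would send; helper for demonstrations."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def parse_basic_header(value: Optional[str]) -> Optional[tuple[str, str]]:
    """Parse 'Authorization: Basic <base64>' into (user, password).

    Returns None for a missing, non-Basic or malformed header instead of raising,
    so the caller can answer 401 uniformly. A password may itself contain ':'
    (RFC 7617), so only the first colon separates user from password.
    """
    if value is None:
        return None
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


def authenticate(request_is_tls: bool, authorization: Optional[str]) -> tuple[int, Optional[str]]:
    """Return (status_code, username) for a request.

    Basic auth sends the password on every request, so the scheme is only sound
    over TLS: a cleartext request is refused (426 Upgrade Required) rather than
    challenged for credentials that would then be sent in the clear.
    """
    if not request_is_tls:
        return 426, None
    creds = parse_basic_header(authorization)
    if creds is None:
        return 401, None
    user, password = creds
    record = USERS.get(user)
    # Hash against a dummy salt even for an unknown user so response timing
    # does not reveal whether the username exists.
    salt, expected = record if record is not None else (b"\x00" * 16, b"\x00" * 32)
    candidate = _hash_password(password, salt)
    if record is None or not hmac.compare_digest(candidate, expected):
        return 401, None
    return 200, user


if __name__ == "__main__":
    print(authenticate(True, basic_header("alice", "correct horse battery staple")))   # (200, 'alice')
    print(authenticate(False, basic_header("alice", "correct horse battery staple")))  # (426, None)
    print(authenticate(True, basic_header("alice", "wrong")))                          # (401, None)
```

The 426 branch is the point the quoted advice leaves implicit: Basic auth is "well understood and secure" only because TLS carries it, so the server should never accept or even solicit the header on a cleartext connection. In a real deployment the TLS decision comes from the listener or a trusted proxy header, not from a boolean passed by the caller as it is here.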