Interesting critique of OAuth by one of its creators

Eran Hammer has published a detailed critique of OAuth at [1]. Well worth 
reading for anyone interested in Web authentication. His conclusion:

"If you're looking to implement authorization for your website, I recommend 
to sticking with well understood secure designs, such as HTTP Basic 
Authentication over SSL/TLS (or HTTP Digest Authentication)."

He then goes on to suggest more elaborate schemes for cases in which access 
to 3rd party software is desired.

BTW: the above is by way of Slashdot.



Received on Friday, 22 March 2013 15:31:34 UTC