Eran,

Excellent write-up. Couple of quick points:

a) Instead of another "easy-to-read" specification document of some kind, might be easier to write an OAuth Primer (similar to what W3C does). The document can have a section on "Lessons learned from implementations". Naturally all of these will get folded into the RFC.

b) You had mentioned lack of good open source libraries. I agree that it is important to have good libraries. Which libraries do need work? Is there a list of tasks or some sort of pointers? If we have a Wiki page and a list of work to be done - even at a very high granular level - then it will make it easier for folks to pitch in as time permits.

c) BTW, moving to IETF is very good. A standard under a well-accepted body like IETF makes it easier for corporations to adopt. In the process, we also get visibility from the security community plus a deliberate-systemic approach for growth.

Cheers
<k/>

|-----Original Message-----
|From: oauth@googlegroups.com [mailto:oa...@googlegroups.com] On Behalf
|Of Eran Hammer-Lahav
|Sent: Monday, March 02, 2009 8:42 AM
|To: oauth@googlegroups.com
|Cc: oa...@ietf.org
|Subject: [oauth] FYI: State of the (OAuth) Union
|
|
|http://www.hueniverse.com/hueniverse/2009/03/state-of-the-oauth-union.html
|
|OAuth Core 1.0 was declared as final specification almost a year and a
|half ago. The overall reception was incredible with almost overnight
|adoption from major web players like Google, Yahoo, and MySpace. We even
|got the attention of the major internet standard bodies, approaching us,
|some officially, some less so, to bring the work over. It has been a
|good year for community-driven specifications with OAuth leading the
|charge.
|
|During the past year, we've also seen a lot of new ideas and new
|requirements coming up. Most people are not aware that there are about
|15 proposed extensions for OAuth covering a wide range of topics. There
|is also a lot of confusion regarding what is going on with the
|specification, how should extension be proposed (and made "official"),
|and recent announcements.
|
|This post will try to answer some of the questions I receive from people
|on a daily basis. If you care about OAuth, implemented it or plan to, or
|have any dependency on the specification, technology, or community, this
|should be a helpful read. If I missed an important question, please let
|me know in the comments.
|
| * What's Up?
| * What is the Status of OAuth Core 1.0?
| * Is there a New Version Coming?
| * What is Being Done to Make the Current Specification Easier to Read?
| * Is OAuth Moving to the IETF?
| * Why the IETF?
| * Why does the IETF want OAuth?
| * Who Made You In Charge (to Bring OAuth to the IETF)?
| * Why isn't the Current Specification Good Enough? Why Seek a Standard?
| * OAuth doesn't Address My Use Case, How can I Extend it?
| * Any Upcoming OAuth Events?
|
|EHL