Eran,
Excellent write-up. Couple of quick points:
a) Instead of another easy-to-read specification document
of some kind, might be easier to write an OAuth Primer (similar to what
W3C does). The document can have a section on Lessons learned from
implementations. Naturally all of these will get folded into the RFC.
b) You had mentioned lack of good open source libraries. I
agree that it is important to have good libraries. Which libraries do
need work ? Is there a list of tasks or some sort of pointers ? If we
have a Wiki page and a list of work to be done - even at a very high
granular level - then it will make it easier for folks to pitch-in as
time permits.
c) BTW, moving to IETF is very good. A standard under a
well-accepted body like IETF makes it easier for corporations to adopt.
In the process, we also get visibility from the security community plus
a deliberate-systemic approach for growth.
Cheers
k/
|-Original Message-
|From: oauth@googlegroups.com [mailto:oa...@googlegroups.com] On Behalf
|Of Eran Hammer-Lahav
|Sent: Monday, March 02, 2009 8:42 AM
|To: oauth@googlegroups.com
|Cc: oa...@ietf.org
|Subject: [oauth] FYI: State of the (OAuth) Union
|
|
|http://www.hueniverse.com/hueniverse/2009/03/state-of-the-oauth-
|union.html
|
|OAuth Core 1.0 was declared as final specification almost a year and a
|half ago. The overall reception was incredible with almost overnight
|adoption from major web players like Google, Yahoo, and MySpace. We
even
|got the attention of the major internet standard bodies, approaching
us,
|some officially, some less so, to bring the work over. It has been a
|good year for community-driven specifications with OAuth leading the
|charge.
|
|During the past year, we've also seen a lot of new ideas and new
|requirements coming up. Most people are not aware that there are about
|15 proposed extensions for OAuth covering a wide range of topics. There
|is also a lot of confusion regarding what is going on with the
|specification, how should extension be proposed (and made official),
|and recent announcements.
|
|This post will try to answer some of the questions I receive from
people
|on a daily basis. If you care about OAuth, implemented it or plan to,
or
|have any dependency on the specification, technology, or community,
this
|should be a helpful read. If I missed an important question, please let
|me know in the comments.
|
|* What's Up?
|* What is the Status of OAuth Core 1.0?
|* Is there a New Version Coming?
|* What is Being Done to Make the Current Specification Easier to
|Read?
|* Is OAuth Moving to the IETF?
|* Why the IETF?
|* Why does the IETF want OAuth?
|* Who Made You In Charge (to Bring OAuth to the IETF)?
|* Why isn't the Current Specification Good Enough? Why Seek a
|Standard?
|* OAuth doesn't Address My Use Case, How can I Extend it?
|* Any Upcoming OAuth Events?
|
|EHL
|
|
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
OAuth group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~--~~~~--~~--~--~---
