I think the #1 thing to keep in mind regarding OAuth is that it's not
the sum total of what folks will be doing.
We all tend to be a little steeped in things here, but in many respects
the OAuth specs are a bit like telling folks interested in building
houses how to forge the steel for making their hammers. Regardless of
how simple or complicated OAuth happens to be, it's just one tiny part
of a much larger solution.
People also have a really hard time thinking in abstract. Where Facebook
wins is that they present effectively a single solution to the problem
of "Who is this person?" For site owners, they don't have to worry about
user management since all that is now someone else's problem. The recent
OpenID+OAuth+PortableContacts solution is a good first step, but it
still doesn't make the lives of site operators all that much easier.
Sure, accepting IDs from sites like Yahoo and Google are easy, but what
about delphicresearch.com, unitedheroes.net, or gnomebondage.com? (Ooh,
EvilOnAStick.com was available? Look out Billy Mayes!)
The best way to get this stuff out there and used is to make it damn
easy. It's why I keep pushing for a set of common libraries that folks
can hook into. Is it easier to worry about SBS double escape issues and
XRDS specifications, or call something like
user = OpenConnect(userId).userInfo;
if (user.isValid) {
print "Hello " + user.fullName();
}
The sooner we can get beyond defining the OSHA standards for carbon
content of hammers, the sooner we can start building really useful stuff.
Chris Messina wrote:
> I just discovered this site and thought that it was something that we
> really should continue doing for OpenID (and OAuth):
>
> http://guides.rubyonrails.org/
>
> After reading Joseph's blog post yesterday:
>
> http://josephsmarr.com/2009/02/17/implementing-oauth-is-still-too-hard-but-it-doesnt-have-to-be/
>
> It's clear that we must make these technologies easier to implement,
> and we can start by making more tools and recipes available.
>
> As you're doing your own implementation, please share feedback and
> your own approaches and take notes along the way where things didn't
> make sense or where the specs weren't clear. It would be great to get
> this feedback in one place, and then write documentation to help
> others avoid similar pitfalls.
>
> Feel free to use the respective wikis to documents these issues.
>
> Thanks!
>
> Chris
>
> --
> Chris Messina
> Citizen-Participant &
> Open Web Advocate-at-Large
>
> factoryjoe.com <http://factoryjoe.com> # diso-project.org
> <http://diso-project.org>
> citizenagency.com <http://citizenagency.com> # vidoop.com
> <http://vidoop.com>
> This email is: [ ] bloggable [X] ask first [ ] private
>
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
