Hi, I'm Eran, one of the authors of OAuth and up until recently worked on a content distribution platform called Nouncer. I've been busy lately working on a bunch of OAuth extensions such as Token Attributes (to negotiate resource access, permissions, and duration) and Discovery. The Discovery work produced a side-project called XRDS-Simple which was released last night as a first draft.
I've used XMPP for individual updates, Pub/Sub, and started playing with the idea of an XMPP API server. I'm still catching up to the XMPP world, but am very interested in applying OAuth and XRDS-Simple discovery to XMPP services. I think in the near future, applications are going to use both HTTP and XMPP to provide a complete set of services which should all work seamlessly. There is no reason why a user has to authorize an application twice, once for HTTP use and another for XMPP use. In fact, the user should even know what the application is using. Looking forward to discussing these ideas. EHL
