OAuth and OpenID: take2
Lot's of activity in the OpenID and OAuth space recently. Both OAuth and OpenID have suffered from bad user experience, bad developer experience and low adoption. Now they're in the process of re-invention and folks from both Google and Facebook are involved. Here's my reading list so far on the topic:
- IETF OAuth working group - The OAuth 2.0 Protocol - draft-ietf-oauth-v2-05 is the latest draft of OAuth 2.0, published about two weeks ago.
- Eran Hammer-Lahav - Introducing OAuth 2.0 is an excellent overview of what's different and new about OAuth 2.0, listing the six new flows that are supported including a username/password flow.
- David Recordon (Facebook) - OpenID Connect: A strawman... is a proposal for "OpenID Connect" a standard way to do what Facebook Connect and Google Friend Connect today, allow users to login sites with either their Facebook, Google or other identity provider credentials.
- Chris Messina (Google) - Combining OpenID and OAuth with OpenID Connect covers the thinking behind OpenID Connect and the expansion of the "OpenID brand."
- Michael Calore (WebMonkey) - New OpenID Connect Proposal Could Solve Many of the Social Webs Woes covers motivations behind OpenID Connect, problems with OAuth and OpenID.
- Joseph Holsten - Your New New Web Identity another nice overview of the new OpenID and OAuth ideas, pushes back against dropping/reinventing of OpenID Attribute Exchange.
- Tantek Celic - I'm calling bullshit on #OpenID Connect. Still too complex, ... is about one run-on tweet's worth of contructive criticism
Dave Johnson
in Social Software
• 🕒 09:48AM May 18, 2010