. .

standards

Is OAuth Dead?

January 1, 2010 15:32:42.469

I love standards - there are always so many to choose from :) Awhile back, I was interested in building an OAuth implementation for Smalltalk, so that my Twitter interface would work with it. Well: in reading this post from Dave Winer, I may have discovered why my code wasn't working with Twitter, even though I was (I think, anyway) following the spec. I built a Digest Auth implementation from the spec once, and I've dealt with Facebook, so I'm not completely green at this stuff.

A bit more digging, and what appears but this, from the same site that has the OAuth tutorials I was following:

A few weeks ago at IIW, Dick Hardt of Microsoft, Brian Eaton of Google, and Allen Tom of Yahoo! presented WRAP, a competing specification to OAuth. WRAP is a smart specification that includes a lot of good and useful ideas. If it was presented as a white paper on how OAuth could be made better, I would be singing a very different tune. It is a very good protocol draft which has clearly learned many lessons from two years of hands-on OAuth experience. I encourage anyone working in this space to read and study WRAP.

It sounds like OAuth is dying before it so much as saw the light of real usage. It also sounds like (read further into that article) a 2.0 spec will get put together, but it'll be more like a "from scratch" than a 2.0. I guess that means that Twitter will be keeping that Basic Auth interface around :)

Technorati Tags: , ,

posted by James Robertson

 Share Tweet This