« My new facebook friend!  •  BC Gov to test out Information Cards »

Recent Stories

  • No More Microsoft Dick, No More Identity 2.0
  • Identity, Privacy and Facebook
  • Who makes more money than me?
  • I want my stimulus: but is it Jeff or Kevin?
  • Privacy Issue or Feature: Unpleasant vs Pleasant Surprise

    • Account delegation standard released: OAuth 1.0 now public

    September 22, 2007 in Identity Gang, Identity Tech by Dick

    Yesterday a spec was released that solves one of the internet identity problems: how do you let an app access your account at a web service without giving it your username and password. Yahoo, AOL, Flickr and Google all had a slightly different approach to solving this problem, which created additional overhead for developers. OAuth has a site here, and Eran Hammer-Lahav wrote a good background piece here. Could the spec be better? Sure. Does it get the job done? Definately.

    What is interesting about this specification is how it was developed. A number of people were at Mashup Camp and decided to work together to solve the problem. A post was made on one of the OpenID lists which raised awareness amongst the identirati and a core group of participants got to work.

    Leah Culver from Pownce and Blaine Cook from Twitter did not want to reinvent a solution, and being high profile web 2.0 sites, were able to drive a conclusion to discussion by insisting they needed a spec real-soon-now or they would need to come up with their own. The consummate Web 2.0 rainmaker Chris Messina greased the wheels while Eran of Hueniverse stepped up and did a ton of work editing and consensus building. George Fletcher from AOL was tracking the spec, and there was surprising participation from Google heavy weights John Panzer and Ben Laurie. There were lots of other people involved of course, and the core group was somewhat closed about letting other people in, but at the end of the day a spec was agreed to in only a few months. This is how the internet was built in the old days. It is great to see the tradition continuing today.

    Pages

    Identity 2.0 bloggers:

    Past Events:

    Points of View:

    5 comments

    September 22, 2007 at 9:01 pm

    Blaine Cook

    Just a note on the timeframe; MashupCamp was once place where OAuth was introduced to a wider audience - the first implementation of OAuth (then called "api_application_controller.rb") was done over xmas last year while I was hiding from the rain at home in Vancouver, as an attempt to synthesize Flickr Auth, Google AuthSub, and BBAuth. In early June, after several months of false starts, Kellan Elliot-McCrea and I wrote down the initial draft based on the implementation I had, and the initial OAuth meetings from early April forward.

    That said, community building is hard work, and I’ve been incredibly impressed at the amount of dedicated work that’s been put forward at building consensus around this idea in such a short period of time (even if it was more like 10 versus 3 months). The process around OAuth has definitely been more than in the pure-extraction Microformats community — the comments and improvements to the spec that were put forward by the fantastic community of almost 200 people that are on the "private" working group list (soon to be "public") were at times overwhelming, but always productive. Eran really deserves immense kudos for his writing and editing that brought the spec to a stable version. Despite whatever minor issues that the spec still has, I’m confident that OAuth will see rapid uptake thanks to the excellent consensus building work that Chris and Tara at Citizen Agency are famous for, and look forward to improving upon it in the future.

    September 22, 2007 at 9:25 pm

    Thanks for the clarifications Blaine!

    September 27, 2007 at 8:03 am

    Anonymous

    I agree, well said. Very good website.