oAuth Brings Open Authentication

We have been using and seeing advantages of OpenID. It has seen its share of criticism, and a lot of it comes from the fact that OpenID is about identification, it is not about authorization. As a natural succession, we are about to see something that will assist this – oAuth. In fact, Chris Messina explains that oAuth was created out of necessity to use OpenID. He also announced that the public drafts of 1.0 spec are now available.

What is oAuth? oAuth enables you ask a service to get your data from another service without having to give away your credentials for it. It is delegated authentication, you can authorize another application or service to have controlled access your data, just like a valet can access your car to park it. As Dare Obasanjo says, it is a way of authorizing another application to act on your behalf for some purpose, instead of letting them be you by giving them your login credentials.

Though it started with OpenID, Eran Hammer-Lahav explains that oAuth is not an OpenID extension. As I understand it they solve two different problems and are compatible with each other. Not only will this enable us to authorize other agents, but this will also standardize it, so that we do not need to support thousands of authentication protocols.

The team behind oAuth has done an excellent job of providing the basic information for the developers. The design goals, the basic code and the mailing list are already in the place. I think this is a very interesting development that can ease our lives as well as improve interoperability. This can be the first step towards reducing the fatigue of using the many social networks.

Discussion [Participate or Link]

  1. OpenID Gets Chairs From Big Players | iface thoughts said:

    […] will look forward to more experiments with OpenID and its companion technologies like CardSpace or OAuth to demonstrate a complete solution to the developers. We already have efforts like DiSo, but these […]

  2. Windows Live Will Soon Work As Your OpenID | iface thoughts said:

    […] a full solution in itself, it is only an identity framework. That is why I think developments like OAuth and prototypes like DiSo will lead us build a complete […]

Say your thought!

If you want to use HTML you can use these tags: <a>, <em>, <strong>, <abbr>, <code>, <blockquote>. Closing the tags will be appreciated as this site uses valid XHTML.



Abhijit Nadgouda
iface Consulting
+91 9819820312
My bookmarks


This is the weblog of Abhijit Nadgouda where he writes down his thoughts on software development and related topics. You are invited to subscribe to the feed to stay updated or check out more subscription options. Or you can choose to browse by one of the topics.