We have been using OpenID and seeing its advantages. It has seen its share of criticism, and a lot of it comes from the fact that OpenID is about identification, not authorization. As a natural succession, we are about to see something that will assist this – OAuth. In fact, Chris Messina explains that OAuth was created out of necessity to use OpenID. He also announced that the public drafts of the 1.0 spec are now available.
What is OAuth? OAuth enables you to ask a service to get your data from another service without having to give away your credentials for it. It is delegated authentication: you can authorize another application or service to have controlled access to your data, just like a valet can access your car to park it. As Dare Obasanjo says, it is a way of authorizing another application to act on your behalf for some purpose, instead of letting them be you by giving them your login credentials.
Though it started with OpenID, Eran Hammer-Lahav explains that OAuth is not an OpenID extension. As I understand it, they solve two different problems and are compatible with each other. Not only will this enable us to authorize other agents, but this will also standardize it, so that we do not need to support thousands of authentication protocols.
The team behind OAuth has done an excellent job of providing the basic information for developers. The design goals, the basic code and the mailing list are already in place. I think this is a very interesting development that can ease our lives as well as improve interoperability. This can be the first step towards reducing the fatigue of using the many social networks.