So the news this week was that Eran has decided that OAuth2.0 is a bad specification and wants nothing to do with it. It’s kinda a bit too late to complain about OAuth2.0. It’s out there, it’s being used as the basis for many other protocols, such as OpenID Connect and UMA. It’s going to stay around for a while, and perhaps even evolve further. It’s a workable solution for this current generation of web application APIs.
John Bradley got it right: the OAuth2.0 sky is not falling.
PS. I don’t know why people are so upset about the IETF process (see comments by Eran & responses by other folks). How many people in the OAuth WG were around for the creation of the IPsec protocol? What about the IKE protocol (starting from Hilarie Orman’s ISAKMP draft)? All in all it took 5 years at least. Not to mention the PKIX WG (still around after 15 years). This *is* the IETF process. Love it or leave it.