Re: [oauth] FYI: State of the (OAuth) Union

"Krishna Sankar (ksankar)" <ksankar@cisco.com> Mon, 02 March 2009 21:46 UTC

Eran,
	Excellent write-up. Couple of quick points:

	a)	Instead of another "easy-to-read" specification document
of some kind, might be easier to write an OAuth Primer (similar to what
W3C does). The document can have a section on "Lessons learned from
implementations". Naturally all of these will get folded into the RFC.

	b)	You had mentioned lack of good open source libraries. I
agree that it is important to have good libraries. Which libraries do
need work? Is there a list of tasks or some sort of pointers? If we
have a Wiki page and a list of work to be done - even at a very high
granular level - then it will make it easier for folks to pitch in as
time permits.

	c)	BTW, moving to IETF is very good. A standard under a
well-accepted body like IETF makes it easier for corporations to adopt.
In the process, we also get visibility from the security community plus
a deliberate-systemic approach for growth. 

Cheers
<k/> 

|-----Original Message-----
|From: oauth@googlegroups.com [mailto:oauth@googlegroups.com] On Behalf
|Of Eran Hammer-Lahav
|Sent: Monday, March 02, 2009 8:42 AM
|To: oauth@googlegroups.com
|Cc: oauth@ietf.org
|Subject: [oauth] FYI: State of the (OAuth) Union
|
|
|http://www.hueniverse.com/hueniverse/2009/03/state-of-the-oauth-union.html
|
|OAuth Core 1.0 was declared as final specification almost a year and a
|half ago. The overall reception was incredible with almost overnight
|adoption from major web players like Google, Yahoo, and MySpace. We even
|got the attention of the major internet standard bodies, approaching us,
|some officially, some less so, to bring the work over. It has been a
|good year for community-driven specifications with OAuth leading the
|charge.
|
|During the past year, we've also seen a lot of new ideas and new
|requirements coming up. Most people are not aware that there are about
|15 proposed extensions for OAuth covering a wide range of topics. There
|is also a lot of confusion regarding what is going on with the
|specification, how should extension be proposed (and made "official"),
|and recent announcements.
|
|This post will try to answer some of the questions I receive from people
|on a daily basis. If you care about OAuth, implemented it or plan to, or
|have any dependency on the specification, technology, or community, this
|should be a helpful read. If I missed an important question, please let
|me know in the comments.
|
|    * What's Up?
|    * What is the Status of OAuth Core 1.0?
|    * Is there a New Version Coming?
|    * What is Being Done to Make the Current Specification Easier to Read?
|    * Is OAuth Moving to the IETF?
|    * Why the IETF?
|    * Why does the IETF want OAuth?
|    * Who Made You In Charge (to Bring OAuth to the IETF)?
|    * Why isn't the Current Specification Good Enough? Why Seek a Standard?
|    * OAuth doesn't Address My Use Case, How can I Extend it?
|    * Any Upcoming OAuth Events?
|
|EHL
|