Posts tagged openid

It’s been sitting in the dark until it’s recent Public Draft appearance, but the OAuth Specification is finally at the “Final Draft” stage, and we should see a final draft come November. I’ve been following OpenID for over a year now, and it’s great to see another product of Identity/Web 2.0 world see the light of day.

OAuth, for those not following its progress, is “an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications”. If you’re familiar with how the Flickr web service operates, this should be familiar (Flickr were involved in the specification process). OAuth was borne partly out of the needs of web services who wished to implement OpenID (e.g. Twitter, Ma.gnolia) but whose web services still require a username/password combination. But it also covers the case where giving out your real username and password combination to third-party apps is an unnecesary security risk (don’t want them using that data to take over your account ). This covers apps from online services like mashups, to desktop widgets or even Adode AIR applications.

Quick mention here to Ed Finkler’s Spaz (Best HTML Community Application in the Adobe AIR Derby ) which is one very cool Twitter app I’ve been using for a while now! If you don’t already follow me on Twitter, I’m “padraicb“.

Because I love all things OpenID related and am an OpenID “pusher” in Europe (blame the OpenID Europe Foundation membership on Snorri Giorgetti), I’ll be proposing a PHP5 implementation of OAuth to the Zend Framework (assuming no other OAuth proposal) and PEAR (PEAR because that’s now the home of my OpenID For PHP library under proposal).

If you’re interested in finding out more about OAuth, visit the website at http://www.oauth.net.

Eran Hammer-Lahav probably put OAuth in terms of a most useful metaphor.

OAuth is like a valet key for all your web services. A valet key lets you give a valet the ability to park your car, but not the ability to get into the trunk or drive more than 2 miles or limit the RPMs on your high end German automobile. In the same way, an OAuth key lets you give a web agent the ability to check your web mail but NOT the ability to pretend to be you and send mail to everybody in your address book.

OAuth and OpenID, coming to a web service near you (including Bloglines) soon.