This link has been bookmarked by 28 people . It was first bookmarked on 17 Oct 2007, by designer.
-
17 Aug 09
-
Many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using another key to unlock everything else.
-
These are all great services – what is not so great about some of the implementations available today is their request for your username and password on the other site.
-
This is what OAuth does, it allows you the User to grant access to your private resources on one site (which is called the Service Provider), to another site (called Consumer, not to be confused with you, the User). While OpenID is all about using a single identity to sign into many sites, OAuth is about giving access to your stuff without sharing your identity at all (or its secret parts).
-
OAuth is not an OpenID extension and at the specification level, shares only few things with OpenID – some common authors and the fact both are open specification in the realm of authentication and access control.
-
OAuth is the standardization and combined wisdom of many well established industry protocols. It is similar to other protocols currently in use (Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, Amazon Web Services API, etc). Each protocol provides a different method for exchanging user credentials for an access token or ticket. OAuth was created by carefully studying each of these protocols and extracting the best practices and commonality that will allow new implementations as well as a smooth transition for existing services to support OAuth.
-
-
17 Jun 09
-
21 May 09
-
A Little Bit of History
OAuth started around November 2006, while Blaine Cook was working on the Twitter OpenID implementation. He got in touch with Chris Messina looking for a way to use OpenID together with the Twitter API to delegate authentication. They met with David Recordon, Larry Halff, and others at a CitizenSpace OpenID meeting to discuss existing solutions. Larry was looking into integrating OpenID for Ma.gnolia Dashboard Widgets. After reviewing exiting OpenID functionality, as well as other industry practices, they came to the conclusion that there was no open standard for API access delegation. The conversation continued online and off for a few months.
In April 2007, a Google group was created with a small group of implementers to write a proposal for an open protocol. It turned out that this problem wasn't unique to OpenID and when DeWitt Clinton from Google caught wind of the project, he expressed his interest in supporting the effort, if only as a stakeholder. In July 2007 the team drafted an initial specification and the group was opened to anyone interested in contributing. After many online and face to face discussions, the OAuth 1.0 Draft is due out next week.
-
-
16 Apr 09
-
04 Feb 09
-
22 Sep 08
This is – in brief – how the story goes. I’ll try to sum it up using a website example...
1) User logs into a Consumer (Amazon) website asking it to do something for you using your Resources (BBH) on another Provider (Hooeey). The Consumer sends you over to the Provider with identifying information about it and what it is trying to access. When you get to the Service Provider you sign in and are asked if you want to let the Consumer access. Only if you agree will the Provider send you back to the Consumer with a special Single-User Token. At this point you as a User are done. The Consumer will now take the Single-User Token and contact the Service Provider to exchange it for a Multi-Use Token, the “ticket” it can use from now on to access your Protected Resources on your behalf. This is of course a simplified flow, not detailing the security and verification measures the protocol includes.
Tokens can live forever, have a limited lifetime, or be restricted to some activities. For example, a Token can allow the Consumer to change your data, while another Token is only good for read-only access. A printing service accessing your Flickr photos should really only have read access, while a new red-eye correction service will need write access to change the photos. -
07 Sep 08
-
Many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using another key to unlock everything else.
-
This is what OAuth does, it allows you the User to grant access to your private resources on one site (which is called the Service Provider), to another site (called Consumer, not to be confused with you, the User).
-
OAuth talks about getting users to grant access while OpenID talks about making sure the users are really who they say they are.
-
-
25 Aug 08
-
21 Feb 08
-
Many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using another key to unlock everything else. Everyday new website offer services which tie together functionality from other sites. A photo lab printing your Flickr photos, a social network using your Google address book to look for friends, and APIs to build your own desktop application version of a popular site. These are all great services – what is not so great about some of the implementations available today is their request for your username and password on the other site.
-
Many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using another key to unlock everything else. Everyday new website offer services which tie together functionality from other sites. A photo lab printing your Flickr photos, a social network using your Google address book to look for friends, and APIs to build your own desktop application version of a popular site. These are all great services – what is not so great about some of the implementations available today is their request for your username and password on the other site.
-
-
10 Nov 07
Jason WehmhoenerWhile OpenID is all about using a single identity to sign into many sites, OAuth is about giving access to your stuff without sharing your identity at all (or its secret parts)
oauth openid authentication Identity socialnetworking security socialnetwork portability socialsoftware api delicious
-
Michel BauwensWhile OpenID is all about using a single identity to sign into many sites, OAuth is about giving access to your stuff without sharing your identity at all (or its secret parts)
-
05 Nov 07
-
17 Oct 07
-
02 Oct 07
-
27 Sep 07
-
12 Sep 07
-
08 Sep 07
-
07 Sep 07
Gary BurgeOAuth (pronounced "Oh Auth") is mentioned is many blog posts, usually in the context of OpenID and Open Social Networks. While OAuth can play an important role in helping open up closed communities, it is not specific to social networks. The short(est) ex
OAuth authentication webapps APIs OpenID opensocialnetworks socialnetworking EranHammerLahav
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.