I’m excited to announce that the OAuth Core 1.0 specification has been released today as final. It has been a great (and surprisingly short) adventure working with great minds to create a specification that will make the web a better place for users and developers. I will post the third part of my on-going Beginners Guide to OAuth in the coming days. But the OAuth work is far from finished. We now have to get some critical extensions out, like signing of HTTP bodies, discovery (which I have started implementing for Nouncer at http://api.nouncer.com/.xrds), additional signature methods, and better integration of OAuth with OpenID.
Congrats to everyone involved and thanks for letting me be part of this.
The Press Release:
December 4, 2007 – The OAuth Working Group is pleased to announce publication of the OAuth Core 1.0 Specification. OAuth (pronounced “Oh-Auth”), summarized as “your valet key for the web,” enables developers of web-enabled software to integrate with web services on behalf of a user without requiring the user to share private credentials, such as passwords, between sites. The specification can be found at http://oauth.net/core/1.0 and supporting resources can be found at http://oauth.net.
Developed through the standardization of the best practices of several well established proprietary industry protocols, OAuth is similar to Google AuthSub, FlickrAuth, AOL OpenAuth, Yahoo BBAuth, Upcoming API authentication, and Amazon Web Services API authentication.
However, OAuth is non-proprietary, and does not require a specific user interface or interaction pattern. Service Providers do not have to specify how they authenticate Users, making the protocol ideally suited for cases where authentication credentials are unavailable to the websites, such as with OpenID. OAuth is designed to complement , rather than replace, authentication protocols such as OpenID.
Application developers can easily and safely create “mashups” across multiple web services, and web site developers can enable rich user experiences without their users sharing passwords with untrusted sites. OAuth was carefully designed for the needs of service providers ranging from the smallest PHP application to the largest industry scaled web services platforms, and for the needs of consumers such as multisite mashups, desktop tools, cellphones, set-top boxes, and internet connected appliances.
Open source code libraries are available for PHP, Rails, Python, .NET, C, and Perl. More information and complete documentation can be found at the project homepage http://oauth.net.