OAuth
From Wikipedia, the free encyclopedia
OAuth is an open protocol, initiated by Blaine Cook and Chris Messina, to allow secure API authorization in a simple and standard method for desktop, mobile and web applications.
For consumer developers, OAuth is a method to publish and interact with protected data. For service provider developers, OAuth gives users access to their data while protecting their account credentials. In other words, OAuth allows a user to grant access to their information on one site (the Service Provider), to another site (called Consumer), without sharing all of his or her identity.
[edit] History
OAuth began in November 2006, during which Blaine Cook was developing the Twitter OpenID implementation. Meanwhile, Ma.gnolia needed a solution to allow its members with OpenIDs to authorise Dashboard Widgets to access their service. Thus, Cook, Chris Messina and Larry Halff from Ma.gnolia met with David Recordon to discuss using OpenID with the Twitter and Ma.gnolia APIs to delegate authentication. They concluded that there were no open standards for API access delegation.
The OAuth discussion group was created in April 2007, for the small group of implementers to write the draft proposal for an open protocol. DeWitt Clinton from Google learned of the OAuth project, and expressed his interest in supporting the effort. In July 2007 the team drafted an initial specification. Eran Hammer-Lahav joined and coordinated the many OAuth contributions, creating a more formal specification. On October 3, 2007, the OAuth Core 1.0 final draft was released.
At the 73rd IETF meeting in Minneapolis, an OAuth BOF was held to discuss bringing the protocol into the IETF for further standardization work. The event was well attended and there was wide support for formally chartering an OAUTH working group within the IETF.