InfoQ


OAuth Gaining Momentum

Posted by Charles Humble on Jun 10, 2008

Sections: Architecture & Design, Development, Enterprise Architecture
Topics: Java, SOA, Security

In a recent blog post, Jeff Atwood of Coding Horror fame described an increasingly common, but highly undesirable, practice amongst web site developers: asking for your email user name and password so that the service can look through your email contacts to see whether any of them also use the service. Jeff illustrates this using Yelp, but he could just as well have used LinkedIn (see below) or any number of other web sites.
[Image: LinkedIn - Build your network]

In typically forthright style, Jeff goes on to highlight why this is such a problem. In short “they have effectively asked for the keys to my house in order to riffle through my address book.”

A number of companies and individuals are working on solutions to this problem including Google, Yahoo and Microsoft, as well as the OAuth project. Initiated by Blaine Cook, Chris Messina, Larry Halff and David Recordon, OAuth aims to provide an open standard for API access delegation. The OAuth discussion group was founded in April 2007 to provide a mechanism for this small group of implementers to write the draft proposal for the protocol. During development significant contributions were received from Eran Hammer-Lahav and Google's DeWitt Clinton. The version 1.0 specification was formally released on December 4th 2007.

At a high level OAuth works as follows:

  1. Your site has established a relationship with various webmail service providers.
  2. You share a pass-phrase, or a public key, that you can use to gain access to the web contacts.
  3. You re-direct the user to the login page for their webmail service provider.
  4. The user signs in and tells the webmail service provider that it is OK for your site to access their address book.
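
What happens after step 4 is not spelled out above: your site calls the address-book API with a request signed using the shared secret from step 2, and the provider verifies it without the user's password ever reaching your site. The sketch below is an added example, not code from the article or the OAuth project; it follows OAuth 1.0's HMAC-SHA1 signing, and the `Provider` class, URL, keys and secrets are hypothetical, constructed values.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def enc(s):
    return quote(str(s), safe="-._~")  # OAuth 1.0 encoding: unreserved chars only

def base_string(method, url, params):
    # Encoded pairs sorted by name then value; the signature itself is excluded.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 keyed with both shared secrets; neither travels with the request.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

class Provider:
    """Service-provider checks: known keys, fresh timestamp, MAC, nonce reuse."""
    def __init__(self, consumer_secrets, token_secrets, max_skew=300):
        self.consumer_secrets, self.token_secrets = consumer_secrets, token_secrets
        self.max_skew, self.seen = max_skew, set()

    def verify(self, method, url, params, now):
        csec = self.consumer_secrets.get(params.get("oauth_consumer_key"))
        tsec = self.token_secrets.get(params.get("oauth_token"))
        if csec is None or tsec is None:
            return "unknown consumer or token"
        if abs(now - int(params.get("oauth_timestamp", "0"))) > self.max_skew:
            return "stale timestamp"
        expected = sign(method, url, params, csec, tsec).encode()
        supplied = str(params.get("oauth_signature", "")).encode()
        if not hmac.compare_digest(expected, supplied):  # constant-time compare
            return "bad signature"
        # Nonce is recorded only after the MAC checks out (no cache poisoning).
        replay_key = (params["oauth_consumer_key"], params.get("oauth_nonce"))
        if replay_key in self.seen:
            return "replayed nonce"
        self.seen.add(replay_key)
        return "ok"

# Constructed sample values (hypothetical site, token and secrets).
URL = "https://webmail.example/contacts"
REQUEST = {"oauth_consumer_key": "yoursite", "oauth_token": "tok-123",
           "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1213056000",
           "oauth_nonce": "n-0001", "oauth_version": "1.0", "format": "vcard"}
REQUEST["oauth_signature"] = sign("GET", URL, REQUEST, "consumer-secret", "token-secret")
```

The token can be revoked at the provider without the user changing their webmail password, which is the property the password-sharing approach lacks.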

OAuth is already gaining considerable momentum, with implementations for many popular languages including Java, C#, Objective-C, Perl, PHP and Ruby. The majority of these implementations are hosted by the OAuth project via a Google Code repository. Ryan Heaton has implemented OAuth for Spring Security, which can be found here. Sites supporting OAuth include Twitter, Ma.gnolia and Google (alpha launch post here).

  • This article is part of a featured topic series on SOA
