OAuth

October 4, 2007 – The OAuth Working Group is pleased to announce publication of the Final Draft of the OAuth Core 1.0 Specification. OAuth (pronounced “Oh-Auth”), summarized as “your valet key for the web,” enables developers of web-enabled software to integrate with web services on behalf of a user without requiring the user to share private credentials, such as passwords, between sites. The specification and supporting resources can be found at http://oauth.net.

Developed through the standardization of the best practices of several well established proprietary industry protocols, OAuth is similar to Google AuthSub, FlickrAuth, AOL OpenAuth, Yahoo BBAuth, Upcoming API authentication, and Amazon Web Services API authentication.

However, OAuth is non-proprietary, and does not require a specific user interface or interaction pattern. Service Providers do not have to specify how they authenticate Users, making the protocol ideally suited for cases where authentication credentials are unavailable to the websites, such as with OpenID. OAuth is designed to complement , rather than replace, authentication protocols such as OpenID.

Application developers can easily and safely create “mashups” across multiple web services, and web site developers can enable rich user experiences without their users sharing passwords with untrusted sites. OAuth was carefully designed for the needs of Service Providers ranging from the smallest PHP application to the largest industry scaled web services platforms, and for the needs of consumers such as multisite mashups, desktop tools, cellphones, set-top boxes, and internet connected appliances.

Open source code libraries are currently being developed for PHP, Rails, Python, .NET, C, and Perl. More information and complete documentation can be found at the project homepage http://oauth.net.