mark nottingham

OAuth in Minneapolis

Friday, 21 November 2008

There are lots of new “Web 2.0” specs emerging — many beginning with “o” — that are both exciting and concerning.

Exciting because the Web is still evolving and still being applied to new problems, but concerning because the Web is big and has many moving parts. While it’s easy to design something new to address one use case or set of interests, it’s much harder to make sure it works across the breadth of the Web and the Internet without causing problems elsewhere, cutting off opportunities, or generally being a bad part of the ecosystem. There’s a tremendous depth of history and implementation experience that frankly just isn’t visible to newcomers.

Which is why, when I started talking to Eran about his work with OAuth, I immediately began steering him towards working with the IETF. Unbeknownst to him, I also did it because a lot of those experienced people I talked to were getting excited about the potential that OAuth offers — something which an authentication protocol usually doesn’t draw, because it’s so difficult to get it right.

All of this culminated earlier this week in a Birds of a Feather meeting in Minneapolis. A BoF is the mechanism that the IETF uses to gauge interest in a new effort, and I’d say the IETF is interested — enthusiastic, even. Although we had Eran, Blaine and Larry primed for abuse, disdain and argument, most of what they got was people standing up and saying how important and interesting this work is, and how it could be applied in other domains.

It’s too early to tell yet, but it looks like this has a good chance of going forward as a Working Group; we have a proposed charter, and none other than Dave Crocker put up his hand to be chair.

Kudos to the OAuth folks for actively engaging a larger community, and to the IETF for not getting hung up on NIH or architectural astronautics. If you’re interested in tracking this work, subscribe to the new list.