Saturday, September 29, 2007

OpenID, OAuth

So, trying to sort out Open ID and what I can really use it for. Seems like its a lite-weight, low-security model for web single-sign on. And now OAuth is here to help with API and protocol support.

Simon Willison and David Recordon's OpenID tutorial from O'Reilly OSCON 07, via SlideShare.

Here is "A Recipe for OpenID-Enabling Your Site", from Plaxo.

O'Reilly Radar claims Open Authentication Comes Closer to Reality with OAuth.

Here is the OAuth blog, with links to the latest spec. How does OAuth fit in? From OAuth:
"The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers. More generally, OAuth creates a freely-implementable and generic methodology for API authentication."

I'm working on a project right now where OAuth may come in handy.

No comments: