Welcome to WebmasterWorld Guest from 54.224.230.193

Forum Moderators: phranque

Message Too Old, No Replies

OAuth's 2.0 Leader Resigns Over It Being "a bad protocol"

     
5:54 pm on Jul 27, 2012 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:23150
votes: 344


That's rather worrying. It cannot afford to be a bad protocol, imho.

OAuth's 2.0 Leader Resigns Over It Being "a bad protocol" [news.cnet.com]
OAuth 2.0 promised to improve authentication on the Net, but its author has resigned from the project after concluding the standard "is a bad protocol."

"When compared with OAuth 1.0, the 2.0 specification is more complex, less interoperable, less useful, more incomplete, and most importantly, less secure," Eran Hammer-Lahav said in a blog post yesterday. "I resigned my role as lead author and editor, [withdrew] my name from the specification, and left the working group...Deciding to move on from an effort I have led for over five years was agonizing."

5:59 pm on July 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


If the person "in charge" can't get things going in the right direction, who the heck can?
2:43 am on July 30, 2012 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
posts:14786
votes: 86


I haven't kept up with OAuth lately. Are the implementations run by the big guys on this new 2.0?