This blip is not on the current edition of the radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the radar.
OAuth is a web-friendly, lightweight standard for authorization that allows a user to share private resources between internet services, e.g., allowing your favorite social networking site to access your photos from your favorite photo sharing site. OAuth is simple, avoids password proliferation, and allows a service to grant bare minimum privileges. If you are exposing your application’s data in a lightweight, web-friendly manner you should strongly consider using OAuth as your standard for authorization.
OAuth is a Web-based authorization protocol that allows applications to access a user’s secured resources in another application without the user having to share their private security credentials. Now an RFC, OAuth represents a significant standards-based attempt to improve privacy and security for Web browser and machine-based access to distributed Web resources. Library support is patchy and adopters can expect to spend some time wrangling their code to achieve true interoperability. OAuth 2.0 is due towards the end of 2010, with specific flows for Web applications, desktop applications, mobile phones, and household devices. Because OAuth 2.0 is not backward compatible with version 1, and because of the implementation challenges around the current version, OAuth is still in the assess ring.
The Web is a global data structure that enables us to share information. However, not all data is meant to be shared by everyone, and it’s important to be able to share information on the Web in a disciplined and governable manner without requiring massive centralized infrastructure. OAuth provides a way of sharing resources on the Web responsibly and securely. It is a Web protocol (for Web browsers or machine-to-machine interactions) that allows federated authorization of access to Web resources. What’s interesting is that OAuth is a simple protocol to implement and utilize, and yet its design goals match many common enterprise authorization problems. OAuth remains in the assessment category, however, because it has fragmented, and the IETF has not yet drawn the community back together under an Internet RFC.