Oh-Auth !

Today at IIW we had several great sessions on OAuth, OAuth extensions, OAuth + OpenID working together, and a lot of other interesting topics around Service invocation, user deputization, and direct logins for clients (desktop/mobile/flash apps). (more info on the IIW wiki)

For those of you who do not know what OAuth is (pronounced 'Oh-Auth'), it's a new community driven protocol for handling Secure API Authentication (though it's more about Authorization than Authentication itself). To give you an idea, currently each one of the big providers out there have their own way of exposing their Open Services and APIs to the public (which is good - I won't argue about that). But the down side of it is, every developer has to deal with each Service Provider (SP) specific implementation separately (even though conceptually all are pretty much doing the same). This is where OAuth tries to help by providing a common way of invoking Services on behalf of the users (you can call it "delegation" or "deputization") following the good principles of user-centric identity model.

Also today the OAuth Core 1.0 Final Spec has been released. You can find more information about that on the OAuth blog.