#OAuth

At IIW 2007b OAuth Core 1.0 Final was released.

I wish I could attend IIW but I had previous work related obligations that I simply could not get out of. I do hope to attend the next one (IIW 2008a).

Now it’s time to update the C# client to the latest and really final version of the spec.

Congrats to everyone involved with OAuth. It is a truly amazing group of people and I think we can all be proud of the outcome!

I know it took me a while (sorry) but I had a couple things on my plate.

At first I wanted to release a more complete integration of OAuth within ASP.NET, but that will have to wait to the next time frame I can allocate to work on this.

In the meantime, there is some basic C# code in the OAuth code repository which generates the OAuth signature, which is the most complicated thing to implement in the spec (not that it’s that difficult to implement :-) It’s actually quite easy).

After Chris blogged about it Eran Hammer-Lahav wrote a Beginner’s Guide to OAuth I have little to add.

I will add though that my C# library which I’m promising for quite some time will get out very soon :-) (Sorry for the delay, it’s been hectic around here).

Others have made such great explanations as to what OAuth is and what it does like Eran Hammer-Lahav’s post so I won’t repeat it.

I will say that OAuth should make the Internet a little bit safer by giving the technical means to remove the need of a certain service asking the user to give his/her username and password to access another service that that user is also using.

OAuth is to credentials delegation what OpenID is to authentication. An open standard for delegating a user’s credentials between services, the same way OpenID is an open standard for authentication.