OAuth 1.0 Final Draft Released Today
A small tip to what is going to be a big story: the OAuth 1.0 specification was released today as a final draft. OAuth (pronounced Oh-oth), short for Open Authentication, is a protocol for delegating permission to an application to use your content from other services without handing over your password.
I’ll be posting some writing in the coming days that addresses, among other things, OAuth’s role in developing applications, so for now I’ll leave it to others to fill you in on what OAuth is and why it matters:
Eran Hammer-Lahav, aside from being a major contributor to the spec, has been doing some excellent blogging (and illustration) about OAuth. He sums up OAuth’s purpose in these words:
OAuth allows you to share your private resources (photos, videos, contact list, bank accounts) stored on one site with another site without having to hand out your username and password. There are many reasons why one should not share their private credentials. Giving your email account password to a social network site so they can look up your friends is the same thing as going to dinner and giving your ATM card and PIN code to the waiter when it’s time to pay. Any restaurant asking for your PIN code will go out of business, but when it comes to the web, users put themselves at risk sharing the same private information. OAuth to the rescue.
With Ma.gnolia as part of the author group, and racing to be among the first to implement OAuth in a live service, I participated in an editorial role, helping move the raw notes into a more publishable form, and by diagramming the flow of an OAuth authentication.
With code libraries already well under way for Ruby on Rails, PHP, .Net and more, and with the participation of some heavy hitters in the web world, you can expect to see OAuth smoothing out user experiences between different services. If you’re interested in jumping on board, there are a couple places to start besides the project site itself (http://oauth.net):
Discussion is starting to get lively now that the announcement has hit the popular status on Digg. Check it out and click us some love if you want to help spread the word.
And, if you’d like more discussion, check out the Pibb channel where questions, answers and comments have been flying for a while.
The future for web mashups just got a lot brighter, and a lot safer. Congratulations to the OAuth spec team!