Changes To OAuth 2.0 Security Standard For Social Sharing At 'Last Call' Stage

The social media security protocol OAuth 2.0 soon ought to be fully baked--even if the editor of the specification is left grumbling that there have been too many cooks in the kitchen.

OAuth 2.0 is already one of the most important social software development standards, thanks to its incorporation into the Facebook authentication scheme used with the Open Graph API. As implemented by Facebook, it provides those popup dialog boxes asking you to grant an application the right to access your personal data and activity stream. Thereafter, OAuth provides the mechanism an application uses to prove to Facebook that you have granted it the right to access those resources.

Yahoo, Google, and Web 2.0 pioneers like 37signals have also implemented some version of OAuth without waiting for the specification to be final. Yet when the OpenSocial 2.0 specification was published last week, it referenced OAuth as an "incubating" standard because it was still in the process of being finalized through an Internet Engineering Task Force (IETF) working group.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.