Since its release in 2007, Open Authorization (OAuth) has become a mainstay in the Web services arena. Led by a handful of social media giants, adoption of the open standard has spread. The use of OAuth for token-based authentication and authorization on the Internet reflects the changes in application development and service-oriented architecture we see today. This guide brings together articles on the current state and projected future of OAuth and its effect on Web services and development as a whole.
OAuth protocol makes gains in securing Web services authorization
The token-based OAuth security scheme has altered the domain of Web services and security. High-profile OAuth devotees such as Facebook and Twitter have garnered attention for the open standard by encouraging its use. At its core, OAuth is based on simplicity: Its aim is to allow Web application users to move from site to site without an additional login after an initial setup dialog. As such, it has become an efficient tool for movement between sites and connection between software services. OAuth has gained traction as a means to provide security for a large number of application design patterns.
More related to OAuth
Cloud identity management: Gartner's take
Web APIs go beyond social media
Guide to the latest in API developments
Trust in OAuth speeds app development
In addition to OAuth security for Web services, the standard provides for communication between applications. As more developers use large social media application programming interfaces (APIs), the importance of that communication -- including the consolidation of accounts and the securing of confidential information -- grows. As a result of these benefits for application development, OAuth is steadily becoming widespread. Yet while the standard has contributed to the application explosion of the past few years, it still remains largely in the consumer end of the development pool.
Old SOA versus new SOA? Open APIs change the game
The infamous Oracle-Google Android trial sheds light on today's evolving API landscape. Now is a time when Web APIs are shared and open, and there is a push toward lightweight services such as Representational State Transfer (REST). Among these effects, API management takes the forefront. OAuth is one of many approaches that are part of a shift toward the "new" API, securing its place in a modern lineup of SOA governance and gateway tools.
Debate over OAuth 2.0 rages on
The specs for OAuth 2.0 -- the most recent version of the standard -- have spurred controversy and continue to raise questions about security and simplicity of use. Some changes, such as a switch from digital signatures to the Secure Sockets Layer (SSL) in securing tokens, are widely considered as steps in the right direction. Still, many developers, including OAuth founder Eran Hammer, take exception to some of the changes underway for the standard.
This was first published in September 2012