To OAuth or not to OAuth? That seems to be the question many in the API business must ask themselves now that OAuth has moved closer to becoming a standard for authentication. OAuth 2.0 reached a major milestone this week on the road to becoming a standard, when the Internet Engineering Task Force (IETF) approved a draft of OAuth version 2.0. Layer 7′s Chief Architect Francois Lascelles says: “This milestone solidifies the OAuth 2.0 claim of being a standard.”
But OAuth’s journey towards becoming a standard hasn’t been completely smooth. Last week, the original editor of the OAuth 2.0 specification and author of OAuth 1.0, Eran Hammer, resigned and removed his name from the specifications. Layer 7′s own CTO, Scott Morrison, offered his support for the specification in a blog post titled Why I Still Like OAuth, in which he stated: “In the end, OAuth is something we all need and this is why this specification remains important. The genius of OAuth is that it empowers people to perform delegated authorization on their own, without the involvement of a cabal of security admins. And this is something that is really quite profound.”
Still, obvious questions remain: Is OAuth 2.0 a solid protocol for authentication? Should I stop building security architecture around such a tainted specification? What other means are there for authentication if OAuth has become too focused on the enterprise? Francois Lascelles will address these questions as well as discussing and commenting on the recent OAuth 2.0 draft approval during our next live Tech Talk, on August 7. Make sure you add this Tech Talk to your calendar, if you want to get the event details and a reminder on the day.
On the day of the event, join on Livestream or Facebook:
And if you’d like to submit some questions: