OAuth 2.0 and the road to hell

Eran Hammer has just resigned as the lead editor and driver for the
OAuth 2.0 specification... here's the article explaining why:

http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

A couple of excerpts:

"It is the biggest professional disappointment of my career."

"2.0 got rid of all signatures and cryptography at the protocol level.
Instead it relies solely on TLS. This means that 2.0 tokens are
inherently less secure as specified."

"Whatever is gained from the removal of the signature is lost twice in
the introduction of the token state management requirement."

"we are also likely to see major security failures in the next couple of
years... It will be another hated protocol you are stuck with."

This is coming from the primary person who has driven the OAuth work
since its inception... food for thought.

I wouldn't claim that Web Keys is a replacement for OAuth (although it
can be used as such)... but for people who need to use both Linked Data
and an easily verifiable message format, Web Keys will do a better job
for you than OAuth will. Food for thought...

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Which is better - RDFa Lite or Microdata?
http://manu.sporny.org/2012/mythical-differences/

Received on Saturday, 28 July 2012 14:44:51 UTC