Yesterday a spec was released that solves one of the internet identity problems: how do you let an app access your account at a web service without giving it your username and password. Yahoo, AOL, Flickr and Google all had a slightly different approach to solving this problem, which created additional overhead for developers. OAuth has a site here, and Eran Hammer-Lahav wrote a good background piece here. Could the spec be better? Sure. Does it get the job done? Definately.
What is interesting about this specification is how it was developed. A number of people were at Mashup Camp and decided to work together to solve the problem. A post was made on one of the OpenID lists which raised awareness amongst the identirati and a core group of participants got to work.
Leah Culver from Pownce and Blaine Cook from Twitter did not want to reinvent a solution, and being high profile web 2.0 sites, were able to drive a conclusion to discussion by insisting they needed a spec real-soon-now or they would need to come up with their own. The consummate Web 2.0 rainmaker Chris Messina greased the wheels while Eran of Hueniverse stepped up and did a ton of work editing and consensus building. George Fletcher from AOL was tracking the spec, and there was surprising participation from Google heavy weights John Panzer and Ben Laurie. There were lots of other people involved of course, and the core group was somewhat closed about letting other people in, but at the end of the day a spec was agreed to in only a few months. This is how the internet was built in the old days. It is great to see the tradition continuing today.
Just a note on the timeframe; MashupCamp was once place where OAuth was introduced to a wider audience – the first implementation of OAuth (then called "api_application_controller.rb") was done over xmas last year while I was hiding from the rain at home in Vancouver, as an attempt to synthesize Flickr Auth, Google AuthSub, and BBAuth. In early June, after several months of false starts, Kellan Elliot-McCrea and I wrote down the initial draft based on the implementation I had, and the initial OAuth meetings from early April forward.
That said, community building is hard work, and I’ve been incredibly impressed at the amount of dedicated work that’s been put forward at building consensus around this idea in such a short period of time (even if it was more like 10 versus 3 months). The process around OAuth has definitely been more than in the pure-extraction Microformats community — the comments and improvements to the spec that were put forward by the fantastic community of almost 200 people that are on the "private" working group list (soon to be "public") were at times overwhelming, but always productive. Eran really deserves immense kudos for his writing and editing that brought the spec to a stable version. Despite whatever minor issues that the spec still has, I’m confident that OAuth will see rapid uptake thanks to the excellent consensus building work that Chris and Tara at Citizen Agency are famous for, and look forward to improving upon it in the future.
Thanks for the clarifications Blaine!
I agree, well said. Very good website.