OAuth 2.0 :: RFCs 6749 and 6750

Three years after the release of OAuth WRAP, OAuth 2.0 is finally an official standard as IETF RFCs 6749 and 6750.

The inspiration for OAuth was to standardize how users authorize a site or application (the client) to access data at another site (the resource server). Clients wanting to access data on a resource server would ask the user for their credentials so that they could call the API or scrape the site – a horrible practice from a security point of view.
Continue reading “OAuth 2.0 :: RFCs 6749 and 6750″

BrowserID: Will it Succeed Where OpenID Failed?

The Mozilla Identity Team  recently released BrowserID, a user-centric identity initiative that uses email as the identifier. The Drupal community, typically quick to support open identity protocols, released support within 24 hrs, which shows how easy it is to implement.
Continue reading “BrowserID: Will it Succeed Where OpenID Failed?”

Putting Sxipper Down

Today we are informing all users of Sxipper that we will be shutting down the sxipper.com servers and not updating Sxipper to Firefox 4.0.  The writing has been on the wall for a while that Sxipper might be put to rest and it was a hard decision to make. It has been over two years since Sxipper has learned any new tricks, and with the release of Firefox 4.0, we can’t justify teaching Sxipper about the new platform.
Continue reading “Putting Sxipper Down”

OpenID: Identity Service or Identity Platform

At the last OpenID Foundation board meeting I gave the presentation below. I had hoped to have posted this sooner, but my dearth of video skills meant recording to video was significantly harder than creating the presentation — which was non-trivial itself. Unfortunately Joseph Smarr and I will not be on the OIDF board this year due to some confusion on when nominations ended. While I will miss being able to contribute to OpenID at the board level, I won’t miss the politics.
Continue reading “OpenID: Identity Service or Identity Platform”