OAuth Core 1.0 Final Draft is out — now build stuff!

OAuth token -- not a final logo! by Chris MessinaI should have pushed this post out yesterday and no latter than earlier today, but what are you gunna do, y’know?

Anyway, I spent most of the day in #OAuth with Eran, Gabe and Mark Atwood and others plotting the release of the news about our release of OAuth Core 1.0 Final Draft. This news after three previous public drafts culminating the collective effort leveraged over four months of regular meetings, intense discussions and negotiations and constantly reminding ourselves to keep the scope creep to an absolute minimum.

We overhauled the website, got the blog going (with an official press release!), some initial tumbles, added some content to the wiki and ended up with an excellent Getting Started guide and an Introduction provided by Eran.

All in all, I want to quickly point out the technologies that are making this effort possible with just a small group of admin-advocates:

Without this technology and how far collaborative technology has come in just two years, it wouldn’t be possible for us to be moving as fast as we are and making as much progress as we have been, consistently, with as few person-hours as we have at our disposal.

Next steps

Of course, even with this Final Draft out, we’re only getting started. There are a number of things that still need to be done, and these are a few off the top of my head (I’m maintaining my personal list here if you want to help out):

  • Get the logo figured out. I’ve pinged like five guys about this. Why y’all gots ta be so busy! If you have an idea, please post it to the Flickr group. I’m patient on this one though.
  • Implement support for OAuth! If you can, replace your proprietary API access delegation protocol with OAuth. If you don’t code (like me!) add software that you think could benefit from OAuth to the Advocacy page.
  • Help improve the libraries. A bunch of folks have worked on the first open source implementations of OAuth but we need more testers, more implementors and more folks to get code running in the wild.
  • Spread the word! This is a grassroots-lead effort and if it’s going to be successful, has to spread from the bottom up. Early reviews suggest that the spec is clear and easy to implement. If you can promote this open protocol within your organization and get it adopted, please do…! And then blog it and point me to it so I can tumbleblog it!

I’m sure there’s more that needs to be done, but this is what I got now (yes Gabe, we still have to deal with IPR… I’m on it!).

Making history visible as it happens

I’d like to close by making a point of process explicit for the benefit of those just tuning in. Two defining aspects of successful community efforts with which I’ve been involved are 1) the ability of an enthusiast to tell a story about why some idea or technology is personally meaningful to her 2) and a large body of collected wisdom, notes, drafts, paper trails, ideas, struggles and all the things that went into the final product. Math teachers force you to show your work for a reason: it’s oftentimes not the answer that’s interesting, it’s how you got there.

So, I’m making explicit my intention to be as transparent, straight-forward and forthcoming about my experiences helping to usher OAuth forward. I’ve not really done this kind of thing before, but being surrounded by brilliant and talented people seems to bring out the best in me. That and I’ve watched what’s happened in the OpenID community for over a year now and, for what it’s worth, I want to avoid getting dragged down into endless loops and debilitating scope creep. In fact I’ve not been involved with the OpenID community for months because of this kind of stuff and I want to expressly make an effort to document openly the approach we take with OAuth to see if we can’t avoid the same fate.

Cheers and congrats to all the folks who helped to make this happen. It might be a relatively minor step in terms the development of new technology today, but looking out long enough into the horizon, I think we’re adding a significantly important piece of puzzle that’s been missing for some time.

Author: Chris Messina

Head of West Coast Business Development at Republic. Ever-curious product designer and technologist. Hashtag inventor. Previously: Molly.com (YC W18), Uber, Google.

14 thoughts on “OAuth Core 1.0 Final Draft is out — now build stuff!”

  1. Congrats on the work and final draft. I’m always amazed by your work Chris and especially with collaborating with other great minds for OAuth. Hoping to see it widely adopted.

  2. I’ve been reading through both your introductory piece and the spec today and it looks great. I’m really hoping that we’ll be able to implement this soon at clipmarks to provide access to clips via 3rd party apps without having to log in every time or piggyback on top of an existing browser session.

    The problem of accessing resources from a site without giving your full login info away is one that every API and mash-up developer will face, and I have a feeling people will descend on this idea and start implementing it in droves once they realize how powerful it is.

    Great, great work. Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: