Advanced OAuth Wrangling


7:10 - 8:00pm on Thursday, September 18 2008 in 1A08 & 10

OAuth is poised to be one of the most important new standards in 2008 for anyone building with identity, social platforms, or APIs. A simple standardization of delegated token auth, OAuth makes it straightforward to offer and consume APIs for a class of data underrepresented in the current set of API offerings — data about people, data that people want to keep private, and identity itself.

Since we published the OAuth 1.0 Core standard (Nov. 2007), Google, Yahoo!, MySpace, Twitter, Digg, Pownce, Hyves, and many more have all announced their support. In 2008, if you want to mash up a person’s Digg history, their Google friends, their favorite photos on Flickr, and send it to Twitter, or any variation thereof, you’ll be using OAuth.

So you’re interested. Now it’s time to take the next step.

This talk covers why we designed OAuth the way we did, why it works, when it works, and when it doesn’t. And more importantly, how to make OAuth work for you and your project.

Using real-world examples from our experience running OAuth predecessor Flickr Auth, the OAuth standardization process, and work on the new FireEagle API from Yahoo!, the talk will cover:


How to use OAuth in a mobile environment
How OAuth is useful for open source tools
How to adapt existing APIs to use OAuth
Security considerations and implications
How to extend and adapt the OAuth specification to your needs

Bring your own OAuth questions, troublesome API, and architecture puzzlers, and we’ll see if we can wrangle those as well.