OAuth

This product was added to computer science because of the content, defects on the quality assurance side of the editor. This is done to bring the quality of the articles from the computer science subject area to an acceptable level. Help us to eliminate the substantive shortcomings of this article and take part you in the discussion! ( ) Reason: comprehensibility least questionable. Procedure / theory behind OAuth is not apparent. - 188.99.239.52 15:12, April 25, 2012 (UTC)

OAuth is an open protocol that allows a standardized, secure API authorization for desktop, web and mobile applications. It was initiated by Blaine Cook and Chris Messina.

An end user (User), with the aid of this Protocol an application ( consumer) to access its data permit (authorization), which by another application (service) are managed without revealing all the details of his admission to the other application ( authentication). The end user can then contract them out and authorize to be increase from them the practical value of applications. Typically, the transmission of passwords to third parties is avoided.

Terms

History

OAuth was launched in November 2006, when Blaine Cook developed the OpenID implementation for Twitter. At the same time Ma.gnolia needed a solution that allowed its users with OpenIDs to authorize Dashboard Widgets to use their services. Therefore, Blaine Cook, Chris Messina and Larry Halff of Ma.gnolia met with David Recordon to discuss the use of OpenID with the APIs of Twitter and Ma.gnolia for the Delegation of authentication. They agreed that there was no open standard for an API Zugriffsdelegierung at this time.

The OAuth Internet Forum was established in April 2007 for a small group of implementers to write a draft proposal for an open protocol. DeWitt Clinton of Google OAuth heard of the project and expressed his interest in supporting these efforts from. In July 2007, the team published a first draft specification. On 3 October 2007 the OAuth Core 1.0 draft was published.

On the 73rd IETF meeting in Minneapolis in November 2008, a Birds of a Feather held to discuss the introduction of the protocol in the IETF for further standardization work. The event was well attended and there was broad support for the establishment of an OAuth working group in the IETF.

Security

On 23 April 2009 a vulnerability in the protocol was discovered. They covered the OAuth authentication flow (also known as Three-legged OAuth ' (English 3- legged OAuth ) ) in the OAuth Core 1.0 Section 6 End of July 2012 stated Eran Hammer, an editor of the specification document for OAuth 2.0, his resignation. In a statement, he writes that OAuth 2.0 " more complex, less interoperable, less useful, incomplete and above all less safe " is compared to 1.0.