Friday, July 27, 2012

Is OAuth 2.0 sinking?

I just read a CNet article about Eran Hammer-Lahav leaving his role as Lead of the OAuth2.0 specification. Eran had put 5 years of effort in to developing OAuth 2.0. It seems to be another story of Enterprise needs complicating a workable standard in to un-usability. It is a real shame.
When you look at the history of the Internet it is the simple standards and protocols that have succeeded. Take SOAP v. REST for example. Amazon supported both standards and the market spoke. About 98% of their transactions were accomplished using the simpler REST protocols. Simple wins. Simple is easier to adopt. 

The aim of OAUTH 2.0 is laudable. We absolutely need simple authentication that works pervasively across the Internet. We need portable user authentication. The more complex you make Authentication the less secure it gets. 

I wish Eran success as he turns his focus to new endeavors.