On Fri, Mar 22, 2013 at 8:59 AM, Yuri Astrakhan <yastrakhan(a)wikimedia.org> wrote:
> There was a discussion recently about OAuth, and I just saw this blog
> post <http://insanecoding.blogspot.com/2013/03/oauth-great-way-to-cripple…
> (posted on
> slashdot <http://tech.slashdot.org/story/13/03/22/1439235/a-truckload-of-…)
> with some heavy criticisms. I am not an expert in OAuth and do not yet have
> a pro/against position; this is more of an FYI for those interested.

OAuth has ... plenty of issues ... ;) but it has its place.

That place is *specifically* in authorizing third-party web
applications to get partial access on behalf of a user without getting
unfettered access to their credentials -- something that should be
useful for wiki-related tools such as on Toolserver and Labs, or on
other third-party hosting.

It shouldn't be used for mobile or desktop apps. It can't replace
CentralAuth. It can't replace login. It can't replace OpenID. And it
shouldn't be shoved into any of those things where it won't fit. :)

-- brion