A lot has changed about the state of OAuth since I last presented at RSA Conference. Last year, the enterprise was screaming for standardized mechanics to provide access control to their APIs. Back then, OAuth was merely on the Enterprise Architect’s radar. It’s now safe to say that OAuth 2.0 is poised to fill this gap.
OAuth 2.0 is rich –different token types to accommodate different styles. The ‘bearer’ token type provides the simplicity of cookies, the ‘mac’ token type provides the security of hmac signatures. OAuth 2.0 also defines many different flows to accommodate different situations, involving either two or three parties.
Because this rising standard addresses so many use cases, the infrastructure supporting it must remain flexible to cover all of the benefits.
Let’s talk OAuth, see you @RSAConference London, Oct 13 2011 STAR-305.