Back to News for Developers

Evolving OAuth via the Open Web Foundation

November 17, 2009ByDavid Recordon

Over the past few years, we've worked hard to open source large pieces of our infrastructure such as Thrift, Scribe, and Hive, as we continue to take steps to support the open community and build a scalable, secure, and sustainable identity platform. Along with the code itself, what makes it possible for you to freely use these technologies is a set of well known open source software licenses such as Apache, BSD, and GPL. When it comes to open standards, this same sort of legal structure does not yet exist. About a year ago, we supported the creation of the Open Web Foundation in an effort to make it easier for diverse communities to create open specifications for the next generation of web technologies. Just as there are well known software licenses for open source software, the Open Web Foundation announced today that they've produced what will hopefully become a well known legal agreement for open standards.

Today we join Google, Microsoft, Yahoo!, and others within the Open Web Foundation community in publishing this agreement and applying it to an initial set of specifications. We all have made the OAuth Core 1.0a and OAuth WRAP specifications available under the terms of version 0.9 of the Open Web Foundation Agreement. At a high level this means that we're helping to ensure OAuth can be freely and broadly implemented by anyone -- large companies, individual developers, and open source projects -- around the world. While we're starting with OAuth today, we intend to make additional technologies available under the terms of this agreement in the future.

Switching gears to the technology, we currently use OAuth 1.0a which allows us to use the same code when interacting with APIs from Google and some of our other partners. For instance, two weeks ago Facebook engineer Luke Shepard and I worked with many folks in the OAuth community at the Internet Identity Workshop on how it could support many of the flows within Facebook Connect that our developers use every day. Several companies and individuals involved in OAuth efforts have started working on the next evolution of OAuth, known as OAuth WRAP.

While you might not have heard of OAuth WRAP until today, we're quite supportive of the effort. In fact, we intend to contribute to it, and hope to see the technology become part of the next generation of OAuth within the IETF.

David Recordon, senior open programs manager, needs all of your help to create an open, standardized, social web. (want a job?)