Technical Summary
OAuth provides a method for Web clients to access Web server resources
on behalf of a resource owner (such as a different client or an end-
user). It also provides a process for end-users to authorize third
party access to their server resources without sharing their
credentials (typically, a username and password pair), using user-
agent redirections.
Working Group Summary
This is not a WG product. However, it was reviewed by the OAUTH
WG. The OAUTH WG is working on a standards track revision of OAUTH,
but in the meantime, this is a useful work product because it fixes
several errata in the pre-IETF version of the protocol and establishes
an IETF-reviewed specification for the community-implemented protocol.
Document Quality
There are many existing implementations of this specification,
because it was the subject of an ad-hoc "standardization" effort
involving quite a few individuals and implementors.
Personnel
Lisa Dusseault is the sponsor of the document.
Note to RFC Editor
Please make the following changes in the published RFC:
OLD:
The OAuth protocol was originally created by a small community of web
developers from a variety of websites and other Internet services,
who wanted to solve the common problem of enabling delegated access
to protected resources. The resulting OAuth protocol was stabilized
at version 1.0 in October 2007 and published at the oauth.net
website [1].
This specification provides an informational documentation of OAuth
Core 1.0 Revision A as finalized in June 2009, addressing several
errata reported since that time, as well as numerous editorial
clarifications. It is not an item of the IETF's OAuth Working Group,
which at the time of writing is working on an OAuth version that can
be appropriate for publication on the standards track.
NEW:
The OAuth protocol was originally created by a small community of web
developers from a variety of websites and other Internet services,
who wanted to solve the common problem of enabling delegated access
to protected resources. The resulting OAuth protocol was stabilized
at version 1.0 in October 2007, and revised in June 2009 (revision A) as
published at <http://oauth.net/core/1.0a>.
This specification provides an informational documentation of OAuth
Core 1.0 Revision A, addressing several errata reported since that time,
as well as numerous editorial clarifications. While this specification
is not an item of the IETF's OAuth Working Group, which at the time of
writing is working on an OAuth version that can be appropriate for
publication on the standards track, it has been transferred to the IETF
for change control by authors of the original work.