Advanced OAuth Wrangling

OAuth is poised to be one of most important new standards in 2008. A simple standardization of delegated token auth, OAuth makes it straightforward to offer and consume APIs for a class of data under represented in the current set of API offerings—data about people, data that people want to keep private, and identity itself. We put the final touches on OAuth 1.0 in late 2007, and 2008 has already brought a rush of adoption of companies like MySpace, Google and Yahoo to Twitter, Pownce, and Mag.nol.ia.

So you’re interested. Now its time to take the next step.

This talk briefly cover why we designed OAuth the way we did, why it works, when it works, and when it doesn’t. Then we get to meat, twisting OAuth to work for you.

Using real world examples from our experience running OAuth predecessor Flickr Auth, the OAuth standardization process, and work on the new FireEagle API from Yahoo, the talk will cover:

• How to use OAuth in a mobile environment.
• How OAuth is useful for open source tools?
• How to adapting existing APIs to use OAuth
• Security considerations, and implications
• How to extend and adapt the OAuth specification to your needs.

Bring your own OAuth questions, troublesome API, and architecture puzzlers, and we’ll see if we can wrangle those as well.