

Oz, from Eran Hammer-Lahav (core contributor to OAuth) - swampthing
https://github.com/hueniverse/oz

======
pilif
> A web authorization protocol based on industry best practices, putting
> mobile and native apps first.

funny. OAuth was initially invented in order to fix the problems of _web
applications_ having to store end-user credentials, so putting the web first.

For native apps, we've long have the problem solved by just doing BASIC auth.

OAuth was in-fact always problematic for native applications (embed web views,
very easily mitm-able) and it always left a sour feeling in my mouth that it's
more about controlling your API clients ecosystem than it is about increasing
the security for the end-users (see twitter)

~~~
tlrobinson
Basic auth doesn't solve most of the problems OAuth attempts to solve, namely
not having to give 3rd parties your password, and more fine-grained
permissions.

------
shrughes
Can this not be named Oz? Oz is the name of a perfectly fine programming
language.

~~~
chimeracoder
There aren't any GitHub tickets on the repo at the moment, so if you hurry,
you may be able to get this renamed to Issue 1.....[1]

[1] For those who don't get the (admittedly poor) joke:
<http://code.google.com/p/go/issues/detail?id=9>

------
tinco
Although I am very excited to see what Eran is going to build, and I am glad
someone posted this so I can follow it and perhaps contribute to it if it
becomes clear that it is indeed worthwhile, isn't it kind of rude to post
someones project to HN before he has even put up a decent README.md?

No one can gain anything from this post except the knowledge that Eran is
working on it, if that wasn't already clear from his past blog post.

Not to make this comment all whiny, do you guys think Eran stands a chance in
making Oz become as popular as OAuth?

~~~
chimeracoder
> Not to make this comment all whiny, do you guys think Eran stands a chance
> in making Oz become as popular as OAuth?

Do I think anybody else stands a chance of making something as popular as
OAuth? No - as jklio pointed out, there are already alternatives that are
likelier to catch on, not to mention OAuth 2.0 itself.

However, if anybody has a chance at adding a new contender to the mix, it's
Eran.

Whether or not he will is another question - it'd be hard to judge either way
until the project is further along.

------
dsl
After the horrible mess that is OAuth, is anyone really expected to give this
a second look?

~~~
SideburnsOfDoom
Yes. Because OAuth takes aim at an important problem area, so having a better
go at it is important.

~~~
yarrel
The barn OAuth aimed at is entirely unscratched.

