I'm admittedly unable to assess the situation, but from what I gather from people who can, there will be N implementations of OAuth 2.x anyway, all non-interoperable. One may just as well literally fork the standard, fix it, implement the fixed spec and release that. If it ends up more useful than both OAuth 1.0 and OAuth 2.0 then people will hopefully use it. If not, we'll have a broken standard anyway.
But 1 thing about OAuth2. It's damn small and easy. There is nothing to "fork" in it. This is why we need to fix 2 vulns (from my post) and make it slightly more interoperable.
@homakov - will you host a bare repo on GitHub? (Possibly you are and I missed that bit.)
We are working around OAuth, but the user experience for someone trying to use our scripts is horrible, a multistep process that requires a technical person (too much for some of our customers).
Otherwise, these discussions are pointless.
You can build protocols with your fellow smaller companies that have a pressing need to make something work with you, as I believe was the case with OAuth itself (Magnolia and Twitter) and OpenID (I believe LiveJournal and DeadJournal).
If it's good and people are using it well, and you talk about it openly and involve others, it can create its own momentum and become a standard. If not, well, whatever. At least you've moved your own business forward with your partners.