Oz, from Eran Hammer-Lahav (core contributor to OAuth) (github.com/hueniverse)
39 points by swampthing on Oct 25, 2012 | 13 comments



Can this not be named Oz? Oz is the name of a perfectly fine programming language.


There aren't any GitHub tickets on the repo at the moment, so if you hurry, you may be able to get this renamed to Issue 1.....[1]

[1] For those who don't get the (admittedly poor) joke: http://code.google.com/p/go/issues/detail?id=9


> A web authorization protocol based on industry best practices, putting mobile and native apps first.

Funny. OAuth was initially invented in order to fix the problems of web applications having to store end-user credentials, so putting the web first.

For native apps, we've long had the problem solved by just doing BASIC auth.

OAuth was in fact always problematic for native applications (embedded web views, very easily MITM-able) and it always left a sour feeling in my mouth that it's more about controlling your API clients ecosystem than it is about increasing the security for the end-users (see Twitter).


Basic auth doesn't solve most of the problems OAuth attempts to solve, namely not having to give 3rd parties your password, and more fine-grained permissions.


Although I am very excited to see what Eran is going to build, and I am glad someone posted this so I can follow it and perhaps contribute to it if it becomes clear that it is indeed worthwhile, isn't it kind of rude to post someone's project to HN before he has even put up a decent README.md?

No one can gain anything from this post except the knowledge that Eran is working on it, if that wasn't already clear from his past blog post.

Not to make this comment all whiny, do you guys think Eran stands a chance in making Oz become as popular as OAuth?


> Not to make this comment all whiny, do you guys think Eran stands a chance in making Oz become as popular as OAuth?

Do I think anybody else stands a chance of making something as popular as OAuth? No - as jklio pointed out, there are already alternatives that are likelier to catch on, not to mention OAuth 2.0 itself.

However, if anybody has a chance at adding a new contender to the mix, it's Eran.

Whether or not he will is another question - it'd be hard to judge either way until the project is further along.


After the horrible mess that is OAuth, is anyone really expected to give this a second look?


Well Hammer-Lahav calls it "the biggest professional disappointment of my career" on his blog[1] so I guess he's aware of that aspect (more[2]).

The Mozilla Foundation's Persona[3] looks to be further along in terms of code and in terms of other people using it[4], differences with OpenID are partially described here[5]. Regardless of quality I think someone flying solo is going to have a hard time getting ahead of Persona at this point.

[1] http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell...

[2] http://hueniverse.com/2012/07/on-leaving-oauth/

[3] http://identity.mozilla.com/post/32395255498/announcing-the-...

[4] http://identity.mozilla.com/post/31008721633/application-and...

[5] http://identity.mozilla.com/post/7669886219/how-browserid-di...


Yes. Because OAuth takes aim at an important problem area, so having a better go at it is important.


The barn OAuth aimed at is entirely unscratched.


And with no documentation? And frankly a nothing description of what it does or how it works even at a high level.

edit: sigh, I put my mouth before my brain sometimes. I guess I accidentally criticized someone working in the open rather than an announcement of an undocumented web protocol.


To be fair, I just came across this and thought it would interest some HN readers. I don't know that the author's made any claim that it's ready for mass consumption.


During his talk yesterday at KRT conf he said he is releasing it into the wild early so that it can be truly open source, with discussion over pull requests and code instead of 'prose' over specs. So ya, I would say it's a good time to show HN.



