After generating 7g CO2, I find the answer what OAuth is.

Nowadays, many luxury cars come with a valet key. You can give this key to someone who helps you parking your car. This key is different from the original car key, it can only open one of the doors of the car, or can allow you to drive a mile or 2. Make it simple, OAuth is trying to apply this concept in authentication on the Internet. The web applications nowadays, connect to many other web applications. Sometimes, the web app will ask for your username and password to access other applications. When you agree to give your secret credentials, you are allowing them to have full access to your information on other site. You will never know what they have done after receiving your credentials, they can even change your password if they want!

As a result, “OAuth is about giving access to your stuff without sharing your identity at all (or its secret parts).”, from the about page in OAuth official site.

Twitter is now developing its OAuth provider based on the OAuth protocol. This is an interesting approach to authenticate on the Internet. I can’t tell much about the protocol because I just heard this an hour ago, but it is really a cool idea. I will take a look on the design of OAuth protocol and share some of my opinions later. It is worth to grab a piece of its spec and take a look.

Happy Chinese New Year! Wish we can have more interesting security stuffs to share in the coming year.

ps. The idea actually is not new. OAuth is the standardization and combined wisdom of many well established industry protocols. There are some implemented protocols (eg. Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, Amazon Web Services API, etc) you may be interested to take a look.

Enjoy!

Reference:

• Official site of OAuth