The IESG has approved the following document: - 'The OAuth 1.0 Protocol ' <draft-hammer-oauth-10.txt> as an Informational RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Lisa Dusseault. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-hammer-oauth-10.txt Technical Summary OAuth provides a method for Web clients to access Web server resources on behalf of a resource owner (such as a different client or an end- user). It also provides a process for end-users to authorize third party access to their server resources without sharing their credentials (typically, a username and password pair), using user- agent redirections. Working Group Summary This is not a WG product. However, it was reviewed by the OAUTH WG. The OAUTH WG is working on a standards track revision of OAUTH, but in the meantime, this is a useful work product because it fixes several errata in the pre-IETF version of the protocol and establishes an IETF-reviewed specification for the community-implemented protocol. Document Quality There are many existing implementations of this specification, because it was the subject of an ad-hoc "standardization" effort involving quite a few individuals and implementors. Personnel Lisa Dusseault is the sponsor of the document. Note to RFC Editor Please make the following changes in the published RFC OLD: The OAuth protocol was originally created by a small community of web developers from a variety of websites and other Internet services, who wanted to solve the common problem of enabling delegated access to protected resources. The resulting OAuth protocol was stabilized at version 1.0 in October 2007 and published at the oauth.net website [1]. This specification provides an informational documentation of OAuth Core 1.0 Revision A as finalized in June 2009, addressing several errata reported since that time, as well as numerous editorial clarifications. It is not an item of the IETF's OAuth Working Group, which at the time of writing is working on an OAuth version that can be appropriate for publication on the standards track. NEW: The OAuth protocol was originally created by a small community of web developers from a variety of websites and other Internet services, who wanted to solve the common problem of enabling delegated access to protected resources. The resulting OAuth protocol was stabilized at version 1.0 in October 2007, and revised in June 2009 (revision A) as published at <http://oauth.net/core/1.0a>. This specification provides an informational documentation of OAuth Core 1.0 Revision A, addressing several errata reported since that time, as well as numerous editorial clarifications. While this specification is not an item of the IETF's OAuth Working Group, which at the time of writing is working on an OAuth version that can be appropriate for publication on the standards track, it has been transferred to the IETF for change control by authors of the original work. _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce
