OAuth is not a protocol


Web, OAuth

Though this post is obviously triggered by the recent damnation of OAuth 2.0 by the (former) spec editor Eran Hammer, it's not directly related to it. These are my thoughts about the technical role of OAuth that I wanted to blog about a year ago but couldn't force myself to ...

Difference between OpenID and OAuth


Web, OAuth, OpenID

Surprisingly there's much confusion between "OpenID" and "OAuth". People tend to use them as interchangeable terms or consider OAuth as a kind of a new and improved version of OpenID. In fact they are quite different things. I decided to write down my explanation to have a place to link ...