So it seems like all the heavyweights are moving towards adoption of OpenID and OAuth.
Twitter today started beta testing OAuth. Why should you care? Well, for one, pretty much all Twitter users use some sort of client to interact with Twitter, or use 3rd party services like RTM. If you want to use these services, you are required to give that service your username and password. OK, big deal, you say, this is not a problem, is it? It is. Let's say you become suspicious of the third party after a while, maybe Microsoft buys them out or something, and now you have to sever ties. Using the non-OAuth method you have to change your password, or else the 3rd party service would still have access. With OAuth you just kill the service; no data is stored with them. Quick and easy.
Many people, including me, get confused by the OpenID/OAuth thing. Is OAuth OpenID? Answer: No.
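The difference between the two ways of severing ties, as an added example that is not from the original post and is not Twitter's API. The `Account` class, the client names and the passwords are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Account:
    """Constructed model of one user account on a service (hypothetical)."""

    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._grants = {}  # client name -> SHA-256 of the token issued to it

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._pw_hash, self._hash(password))

    def change_password(self, new_password: str) -> None:
        self._pw_hash = self._hash(new_password)

    def grant(self, client: str) -> str:
        """User approves a client; it receives its own token, never the password."""
        token = secrets.token_urlsafe(32)
        self._grants[client] = hashlib.sha256(token.encode()).digest()
        return token

    def revoke(self, client: str) -> None:
        self._grants.pop(client, None)

    def check_token(self, client: str, token: str) -> bool:
        stored = self._grants.get(client)
        presented = hashlib.sha256(token.encode()).digest()
        return stored is not None and hmac.compare_digest(stored, presented)


def demo() -> dict:
    acct = Account("hunter2-constructed")
    # Password sharing: both third parties hold a copy of the same secret.
    shared = {"rtm": "hunter2-constructed", "other-client": "hunter2-constructed"}
    acct.change_password("new-constructed")  # the only way to cut off "rtm"
    pw_result = {c: acct.check_password(p) for c, p in shared.items()}
    # Delegated tokens: each client holds a separate, revocable credential.
    tokens = {c: acct.grant(c) for c in shared}
    acct.revoke("rtm")
    tok_result = {c: acct.check_token(c, t) for c, t in tokens.items()}
    return {"password": pw_result, "token": tok_result}
```

Calling `demo()` shows that changing the password locks out every client that held it, while revoking one grant leaves the other client working.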
OAuth and OpenID
OAuth is not an OpenID extension and, at the specification level, shares only a few things with OpenID – some common authors and the fact that both are open specifications in the realm of authentication and access control. ‘Why OAuth is not an OpenID extension?’ is probably the most frequently asked question in the group. The answer is simple: OAuth attempts to provide a standard way for developers to offer their services via an API without forcing their users to expose their passwords (and other credentials). If OAuth depended on OpenID, only OpenID services would be able to use it, and while OpenID is great, there are many applications where it is not suitable or desired. Which doesn’t mean to say you cannot use the two together. OAuth talks about getting users to grant access, while OpenID talks about making sure the users are really who they say they are. They should work great together.
I have said this before: if UBC created an OpenID service alongside the CWL, we could get our WordPress and MediaWiki rolling in hours vs. the weeks/months it takes to develop and get approved a CWL SSO service. WordPress and MediaWiki both have plugins/extensions for this. We could limit users to just the UBC providers, so it would work the same as CWL.