OAuth IETF Charter

[oauth] Another Charter Text Update

    OAuth allows a user to grant a third-party Web site or application
access to their resources, without necessarily revealing their
credentials, or  even their identity. For example, a photo-sharing site
that supports OAuth would allow its users to use a third-party printing
Web site to access  their private pictures, without gaining full control
of the user account.

OAuth consists of:
  * A mechanism for exchanging a user's credentials for a token-secret
pair which can be used by a third party to access resources on their
behalf.
  * A mechanism for signing HTTP requests with the token-secret pair.

The Working Group will produce one or more documents suitable for
consideration as Proposed Standard, based upon
draft-hammer-oauth-00.txt, that  will:
  * Improve the terminology used.
  * Embody good security practice, or document gaps in its capabilities,
and propose a path forward for addressing the gap.
  * Promote interoperability.
  * Provide guidelines for extensibility.

This specifically means that as a starting point for the working group
OAuth 1.0 (draft-hammer-oauth-00.txt) is used and the available
extension  points are going to be utilized. The WG will profile OAuth
1.0 in a way that produces a specification that is a backwards
compatible profile,  i.e. any OAuth 1.0 and the specification produced
by this group must support a basic set of features to guarantee
interoperability. 

It looks like OAuth is heading to the IETF, which is great news, but does amuse me since I was told by some of those involved with OAuth that they weren't going to bring it to the IETF since they "wanted to move fast." That was over a year and a half ago.