A friend sent me Eran Hammer’s post about his stepping away from the OAuth 2.0 spec. My friend seemed to think this was an indictment of OAuth, but I think it’s more an indictment of the standards process in general. I had a front row seat for the definition of several versions of the SQL standard and ‘s accounts of the shenanigans by the participants were quite familiar.
But the shenanigans don’t mean that the SQL standard was a failure. I think it did well at making SQL the ubiquitous query language, and I think that OAuth too will survive. It may not create the frictionless interoperability envisioned by Eran, but companies will implement versions of OAuth, and other companies will deal with the fact that implementations differ slightly.
Why? Well, it still beats the alternative: SAML and Federated Identity.