Podcast interview: Is OAuth 2 the Devil?

Alex Bilbie and Zackary Blank come on the show to talk about OAuth 2, which has been getting a lot of flamey bad press over the last year or two after the original author quit the project.

Why these guys? Well, Alex until recently was working at the University of Lincoln, where they did a whole bunch of OAuth 2 work as auth for various API projects at the university. During this time he created the fully spec-compliant CodeIgniter OAuth 2.0 Server, which was later replaced with a new generic PHP version for “The League of Extraordinary Packages”. It’s safe to say that Alex knows his shit when it comes to OAuth.

Read more and listen to the podcast

OAuth Case Study: A review into the uses of OAuth in higher education

The Linkey project has two main deliverables:

  1. Open source PHP libraries for OAuth 2.0 clients and servers. Our code has been available for some time and is discussed in a previous post.
  2. A case study, which discusses the protocol and its uses.

Here is our case study.

Download the Case Study (PDF)

Read the Case Study online (Google Doc)

We welcome comments on the Case Study and invite you to leave them here on this blog post. Alternatively, you can contact us directly.

Update 26th November

Last week, after finally getting access to one of the new UAG servers, I began working through the Microsoft Forefront UAG 2010 Administrator’s Handbook, which details how to configure the software and hook different applications up to it. I’m not quite in a position to write anything more detailed than this at the moment, but hopefully later in the week there will be more to say.

Open Athens LA is being installed by ICT. This will improve the flow of metadata between the university and services. It will also reduce the number of authentication screens for users.

Last week I started writing the case study about institutional uses of OAuth. I’ve written about 1800 words so far and I anticipate writing in the region of 5000-6000 words. I’m intending to have a first draft finished by the end of January, when Chris Brown, the programme manager for JISC AIM, will be visiting us for the day to look over it and help us plan the last few months of the project.

This week I’m going to review Hawk, which is a new HTTP authentication standard by Eran Hammer. It is the basis of another standard, Oz, which Eran is proposing as an alternative to OAuth.