Basic auth for your web services sucks for several reasons. OAuth is a standard protocol for doing token based auth, similar to how flickr auths their desktop apps. OAuth is also an ideal companion to openid, as it doesn't require a local username/password. In this talk we'll take a closer look at how OAuth is built up, as well as look into how you can easily use OAuth for your own APIs, with examples in Catalyst well as Jifty and pure mod_perl.

1. Web Services
with OAuth
Nordaaker

2. What is OAuth?
• A simple open standard for
API Authentication

3. Do we need it? We’ve got OpenID
★ Not a replacement, a complementary API.
★ OAuth is Authorization, Openid is
Authentication
★ OpenID users don’t have passwords, so
can’t ask them for that when they try to
access the API
★ OAuth is token based, does not require
password

4. A bit more about OAuth
★ Not a new idea - FlickrAuth, Google
AuthSub, BBAuth, etc.
★ Open Standard - http://oauth.net/
★ Wide industry support
★ AOL, Eye-Fi, Facebook, Garmin, Google,
LinkedIn, Ma.gnolia, Microsoft, MySpace,
Plaxo, Pownce, Salesforce, Songbird, Veodia,
and Yahoo!. and more!
★ Easy to understand
★ Easy to implement