Justin Richer
2016-05-05 19:20:32 UTC
This just passed across my desk, something called TAuth:
https://blog.teller.io/2016/04/26/tauth.html
Basically, the story is “OAuth is hard, so we made our own thing”. Unfortunately, the new thing requires mutual TLS, non-expiring tokens, and a proprietary (as best as I can tell) signature stack. So from my view, it’s already dead in the water in a few different and complex ways, but I’m sure some marketing folks will be pushing it around as the alternative to OAuth.
The article above is full of half-truths, like the true statement “self-contained encrypted tokens can’t be revoked” which leads to “so you shouldn’t use OAuth if you want fast revocation”.
But if nothing else, things like this should encourage us to finish and publish PoP.
-- Justin