I was looking up what others had done in the way of making a Box.com client for Linux (there is none, just mount your folder with WebDAV). Apparently, a client proper accesses your account using the OAuth 2.0 protocol. I briefly looked at what it might take to whip up something of my own devising, perhaps with a bash script or my budding Pascal skills, when I came across an OAuth library for Delphi/Lazarus (which I can't find now) and decided to look up OAuth and see how difficult it might be to implement.
I stumbled across this article written by one of the principal authors of OAuth, Eran Hammer, who abruptly quit OAuth last year after 3 years of dealing with the process of working up OAuth 2.0 to a proper IETF standard. Scary. I don't think I have enough Jedi skills to get very far with this...
This is a case of death by a thousand cuts, and as the work was winding down, I’ve found myself reflecting more and more on what we actually accomplished. At the end, I reached the conclusion that OAuth 2.0 is a bad protocol. WS-* bad. It is bad enough that I no longer want to be associated with it. It is the biggest professional disappointment of my career.
http://hueniverse.co...nd-the-road-to-hell/
He is actually kinder to the IETF board members in the comments, and clearly he was frustrated with the process as much as the enterprise goons.
Opinions?