I've spoken about OAuth from the prospective of PRISM, but I would like a discussion about it in the broader sense. OAuth would allow for people to use their LFS credientals on any related LFS site that wishes to make sure that you have an LFS account. You (Victor) and the client can control what information is given out about their account. This would allow for polls to be taken from the membership at the community awards each year without people cheating because we could ensure that each client really has an LFS account. It would also provide authenication to prove that you have a license on other websites, or could be used within admin systems like PRISM to allow them to access their server and admin them remotely from within a PRISM install.

It is hard to overstate my satisfaction with this post.

It's a nobrainer.

Same here. On the site we're working on we're going to require proof of ownership to each game username they wish to register. That could only be done with the help of the various game developers allowing our user to prove ownership by verifying an account with OAuth, and if that comes back with a green light then we associate their different gaming usernames with their site username.

I highly recommend watching http://vimeo.com/52882780 - from the mind that coordinated efforts on OAuth and the man that gave up working on OAuth2.

I'm not a fan of implementing OAuth clients, but I don't believe there's a sane alternative - yet.

As long as it's comparable with Google's / Facebooks OAuth platform I'm not really that worried. It's pretty easy to get them up and running.

Just looked at the video that TAA posted, I still think OAuth is the way to go, OZ wants the client's username and password and then let's the implementation do what it needs to do with that information. I would much prefer to not give out the keys to my account to every website that want's to confirm my authenticity with this account. I feel that it gives one account power over the other, and I want to avoid that.

Apparently from the video, OAuth 1.0 is the way to go, OAuth 2.0 is fine if you know cryptography, but that is something that Victor is going to have to decide if he want's to implement. The only information that we need is, is this client that's talking to me really have ownership over the LFS account. That's all of the information that I want, and we can do that with OAuth 1.0 just fine.