OAuth: New Chain Grant Type

I posted a new Internet Draft, the "Chain" grant draft today for the consideration of the OAuth2 working group. The specification defines a new grant type that enables an OAuth protected service to in turn act as an OAuth client to another OA…

New: “OpenID, Successful Failures And New Federated Identity Options”

Though there’s still a creepy fuzzy anonymous head where my picture is supposed to be, I’ve got my first post up on the Forrester Research Security & Risk blog. It discusses the recent 37signals decision to stop using OpenID and the larger “b…

I “like” you, but I hate your apps – Part 3: Controls and a look at the market

Happy Data Privacy Day! Or if you are in the EU – Happy Data Protection Day!
In my last post I talked about the desires of all the parties involved in this new style of relationship, one in which, not only you and I are involved, but also your apps. …

Wishing you a happy, healthy, user-managed new year

Thanks to Domenico Catalano (@DomCat) for putting together this lovely and geeky holiday message! And thanks to all the UMAnitarians for their contributions of passion, business problem-solving, and technical know-how to the User-Managed Access work.