The lead author and editor of the OAuth 2.0 network authorisation standard used by Facebook, Twitter and Google has downed tools and walked out, taking his name off the specification in the process.

At the end, I reached the conclusion that OAuth 2.0 is a bad protocol,” Hammer writes. “WS-* bad. It is bad enough that I no longer want to be associated with it.

via OAuth 2.0 standard editor quits, takes name off spec • The Register.

Eran Hammer suggests that the working group had been unable to reach a consensus on anything for some time.  This has resulted in a specification that is a “designed-by-committee patchwork of compromises”.

That’s the trouble with “working groups” and indeed any group of individuals working on a project. Everyone attends a meeting with their own agenda and if there is nobody leading with authority, you’ll get to the end of it having achieved nothing.

Hammer put everything down in a blog post.  It’s a long one, but well worth a read.  Suffice to say, stick with OAuth 1.0.