Introductions

[Eran Hammer]

Please introduce yourself!

If you made it here, you probably know who I am.

http://hueniverse.com

@eranhammer

EH

[Troy Howard]

Hi, I'm Troy.

--
 
 

[Pedro Felix]

Hi,

My name is Pedro. Currently I'm mostly interested in Web APIs, namely its access control problems. I'm also working on some OAuth 2.0 based designs and implementations.

Looking forward to learn and contribute.

Pedro

[Tamir Duberstein]

Hi, I'm Tamir. Looking forward to helping out with this.

[Dipankar Sarkar]

Hi,

Dipankar here, looking forward to see how this evolves. Have worked with all kinds of OAuth stuff before this ... 

http://www.desinerd.com
@dipankarsarkar

[Keith Ballinger]

Hi,

Keith here. Use to work at Microsoft on Web services and networking, including identity and auth stuff. Now a mobile (android and iOS) and ruby dev by choice who prefers a simple and straightforward json over HTTP for most things.

thanks!

Keith Ballinger

[Michael Jackson]

My name is Michael Jackson. I'm a software engineer currently working at Twitter. I've done quite a bit with node and HTTP in general. My most recent project is a web server for node patterned after WSGI/Rack that I called strata (see http://stratajs.org).

I've been a bit jaded by OAuth in the past and am looking for a cleaner, simpler solution to the problem of auth. I'd love to contribute code (I've done a *lot* of JavaScript) or just give my opinion in general as a consumer of the oz spec.

--

Michael Jackson

@mjackson

[Max Ogden]

I'm Max Ogden from the node community. I wanna build crazy simple distributed systems with node and would love to be on the bleeding edge of oz in that regard.

[Alex Indigo]

I am Alex Indigo, breathing everything web since the beginning of time :)

(mostly node these days)

On Wednesday, October 24, 2012 10:47:32 PM UTC-7, Eran Hammer wrote:

[Jared Hanson]

I'm Jared Hanson, an engineer at Sifteo <http://www.sifteo.com/> working at the intersection of the web and embedded devices, and author of many open source Node.js and front-end JavaScript modules.  Most relevant to this group is Passport <http://passportjs.org/>.

I'm eager to simplify authentication and access control, and looking forward to what can be accomplished with Oz.

Twitter: @jaredhanson

On Wednesday, October 24, 2012 10:47:32 PM UTC-7, Eran Hammer wrote:

[Atilla]

Hello folks, 

Anton here, software engineer at Opera Software. Annoyed by Oauth1, frustrated at Oauth2 and very curious to see what hueniverse is up to after that memorable  ragequit from the Oauth2 spec. 

[Eugen Tudorancea]

Hi, I'm Eugen

I write small distributed Web apps/services, with a focus on education tools

[David Horn]

Hi, I'm David. I'm at Disney. Please don't hold that against me. I also helped out with OAuth at Yahoo for a little bit. Hoping to find a way to contribute in my spare time.

On Wednesday, October 24, 2012 10:47:32 PM UTC-7, Eran Hammer wrote:

[Coenraad Loubser]

Hello Everybunny!

My introduction is hidden as a disclaimer under my first post begging someone to give me a 40 000 ft view everything that has lead you here, hot on the heels of the little white rabbit(s) running free in the fantasy land of this Google Group. 

[Christopher Biscardi]

Chris Biscardi.

Trying to run a startup. Using Clojure/node/Java(droid)/Objc/client-sideJS
Looking for a secure, easy-to-implement solution for my API that is meant to work on iOS, Android and Web.
I feel like OAuth is trying to be DRM (protect the content from the users!) in the sense that if someone steals your phone, you're fucked anyway (just remote wipe it and move on), but OAuth wants it to still be secure.

Right now there's this huge authentication complexity forming in my app that is really not where I want to be in 6 months.

Willing to write any code that I can to move this forward.

CB

On Wednesday, October 24, 2012 10:47:32 PM UTC-7, Eran Hammer wrote:

[Felipe Elias Philipp]

Hi, I'm Felipe. Maintainer of OAuth2 provider for Rails https://github.com/applicake/doorkeeper

Dev is in very early stages, but still some people use it. I wanted to make it a decent lib, but there are so many annoying things about OAuth2 that it makes me feel depressed.

Hope to at some point make it a fork of oz or whatever we come up here :-)

Cheers!

On Thursday, October 25, 2012 7:47:32 AM UTC+2, Eran Hammer wrote:

[Antonio Sanso]

Hi I am Antonio and I am part of the developer team for Apache Amber  (incubator) http://incubator.apache.org/amber/ ( OAuth protocol implementation in Java)

On Thursday, October 25, 2012 7:47:32 AM UTC+2, Eran Hammer wrote:

[Nico Du Plessis]

Hi!

I'm Nico du Plessis, I'm a developer at Glucode where we develop native apps, mostly iOS

On Thursday, 25 October 2012 07:47:32 UTC+2, Eran Hammer wrote:

[justin kruger]

Hello, Justin Kruger @jdavid here.

I implemented the first pop up login flow for OpenID/ OAuth back at MySpace, and architected v2 of their MultiLanguage SDKs for php, ruby, c#, java and flash.  Since then I have been working on consumer web apps, apis, and now I am at a young start up Addvocate.

I love simple clean beautiful, APIs.

I am glad to see a new approach for this.

On Wednesday, October 24, 2012 10:47:32 PM UTC-7, Eran Hammer wrote:

[mehdi medjaoui]

Hello,

I'm Mehdi; co-founder of Webshell.io, a shell for combining and scripting APIs in Javascript or Coffeescript. (a REPL for APIs)

We developped  a node.js layer for APIs server-side and client-side to be scripted and mashed up in the same language.

We also provide for developers one line of code Authentication with Oauth1.0 or Oauth2.0 and other cool fetaures as API creation in a click....

I'm also manager ot the API Rating Agency blog and the {"apis":"the joy"} blog.(with some jokes on Oauth1.0 and 2.0)

We are following your writings on http://hueniverse.com now and would like to contribute with you on Oz.

@Webshell_

http://webshell.io

[Eran Sandler]

Hi, 

I'm Eran Sandler (yes. Another Eran. You can refer to me as erans - that will make things easier :-)  ).

I was involved in the early days pre-OAuth 1.0 and the IETF and kinda disappeared for various reasons (so of it was that it was not code first )

I am to blame as being part of the silent voice who kept some track on what OAuth 2.0 was becoming and didn't voice his/her opinion.

Being more involved in mobile web, mobile apps and browser apps/extensions in recent years - I think there is a lot we can cover which doesn't have the auth dance while keeping things simple and working.

There is a reason why simple "Enter user and password" solutions work and the fact is 90% of the people don't know and don't care.

I hope to be less silent and put some code where my mouth is.

Eran

On Thursday, October 25, 2012 7:47:32 AM UTC+2, Eran Hammer wrote:

[Simon Gate]

Hey,

I'm Simon. I work as a dev @flattr. Doing both Ruby and PHP. I'm very interested Oz develops.

Cheers,

Simon

On Thursday, October 25, 2012 7:47:32 AM UTC+2, Eran Hammer wrote:

[Yami Glick]

Hi, I'm Yami Glick and I'm the co-founder & CTO of ProductStructure, provider of infrastructure for web and mobile product components (pre-beta).

I'm interested in securing web, mobile and server-side calls to our APIs and would like to try Oz and help where I can.

I share Eran's sentiments regarding OAuth 2.0

@e_glick

On Thursday, October 25, 2012 7:47:32 AM UTC+2, Eran Hammer wrote:

[Kristian Trenskow]

Hi!

I'm Kristian.

I am an iOS developer and run my own company (it's just me). I often do apps that has some kind of RESTful service attached. I often write these myself, and I always find myself struggling with authentication and security. Oz could be just what I am looking for!

How may I help? I am no security expert, but I am an experienced iOS developer.

Kristian

[Tyler Gillies]

On Thursday, October 25, 2012 10:46:59 AM UTC-7, Max Ogden wrote:

I'm Max Ogden from the node community. I wanna build crazy simple distributed systems with node and would love to be on the bleeding edge of oz in that regard.

i wanna make max happy

[Douglas Campos]

Howdy!

I'm Douglas Campos, mostly known as 'qmx', from JBoss/Red Hat. I'm the lead of the AeroGear project (aerogear.org) and I'm doing mobile stuff (native, web, hybrid). We have several scenarios that could be served better by something like oz.

> --
>
>

-- qmx

[lmccay]

Larry McCay - Java developer for many years - most recently with Oracle and now Hortonworks.

Concentration in Java platform and application server security and management.

On Thursday, October 25, 2012 1:47:32 AM UTC-4, Eran Hammer wrote:

[Michael Grant]

Hello,

Name is Michael, javascript and nodejs enthusiat. Looking forward to being a part of this.

[Michael Grant]

[Bruno Oliveira]

Hi folks!

I'm Bruno Oliveira, mostly know as 'abstractj', from JBoss/Red Hat. I'm the developer of AeroGear project (aerogear.org) and I've been focused on security client/server side.


--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

> --
>
>

[Bob Gregory]

Hey people,

I'm Bob Gregory, one of the architects at Huddle.com, part of my brief includes identity management and security, so I've been a long-time OAuth WG lurker, and I implemented draft 12 for our APIs. I also wrote a quick and dirty JWT library back in the day when the JWT spec was a single document.  We really *do* use SAML and JWT assertions to provide SSO with external IDPs, but I'm interested in how Oz might simplify things for external developers, particularly in the mobile space.

 -- B

[John Bachir]

I'm John, cofounder and tech lead at Ganxy. We might develop a third-party ID system, and we're frustrated with the drawbacks of oauth.

[Dominick Baier]

Hi, 

my name is Dominick and I am working mostly in the identity & access control space (http://www.leastprivilege.com). I also work on an open source identity provider/authorization server at http://thinktecture.github.com/Thinktecture.IdentityServer.v2/.

[Brent Shaffer]

I'm Brent!  I work for Adobe, and recently spent a lot of time writing an oauth2 server library for php.  Definitely looking forward to writing a better one, if possible :)

Brent Shaffer

@bshaffer

http://morehazards.com

[Glenn Block]

Hello all.

I am an engineer at Microsoft working on our Node.js / Cloud stack. In my last role I worked on ASP.NET Web API, a new HTTP framework that we recently shipped to help folks build "pure" HTTP and truly RESTful services. I am currently working on a book with several other authors about building HTTP based systems using Web API: http://ofps.oreilly.com/titles/9781449337711/

Disclaimer I am not the security expert in any way. I do have several years of experience building HTTP frameworks and being involved with the REST community. I saw your talk Eran at realtimeconf (I was the MS node guy) and was intrigued to hear about OZ and to recently learn about Hawk.

I am not the OAuth expert in any way, as I've just recently started grokking it (and getting a headache). I am looking forward to listening and learning and reading (and maybe contributing) to the code.

Regards

Glenn

[Leon Anavi]

Hi,

I am working on mobile apps as well as on telecommunications & network solutions. I am keen on Qt and I am also open-source enthusiast.

Best regards,
Leon

[mrdnk]

Hi I'm mrdnk (@mrdnk),

I've been doing node for a couple of years (unfortunately not full-time), not a cryptography expert by any stretch of the imagination.

But I'm really interested in seeing & getting involved with a good API authentication implementation.

I work for an organisation, that has a single authentication system for a variety of web apps - internally and extranety; and want to make it work better.

It's secure, but could be better.

On Thursday, October 25, 2012 6:47:32 AM UTC+1, Eran Hammer wrote:

[Kevin Mutyaba]

Hi, my name is Kevin. I have written a number of client-side and server-side OAuth 1.0 and OAuth 2.0 implementations and I am fairly familiar with some of the short comings of the    protocol and framework. I've routinely read your blog and would be happy to participate in this project. 

[da...@hillsoft.com]

Hi, I'm David -- a Denver, CO based developer. 

[Tadz]

Hi,
I am tandin aka Tad, currently doing my masters in Computer Science, really got interested in web application security: Authentication. And I came across the OAuth, which after reading and searching for few days lead to this page.

well, I read all the introductions here and i got goosebumps because so far...everyone here has lots of experience infield....but ME...I am a new and without much experience...yet i dared to join the group. :(

Learning starts from cradle and end in grave.

[Martin Samson]

Hi, I'm Martin, an Ottawa-based developer working for Fuel Industries. Looking forward to the next big thing.

[Marco Palladino]

Hi everyone,

Marco here, CTO at Mashape. We're really interested in this.

[Randi Miller]

Howdy everyone! My name is Randi (@randi2kewl). I am currently a fulltime student, as well as, a developer for SoloHealth and a Microsoft Student Partner. I am getting more and more interested in the security side of programming (total N00b), and hoping to learn more from all of you.

[Robertis Tongbram]

Hi all,

This is Robertis. I have some OAuth experience . Seems like i have to learn node.js to understand oz!

Thanks,

Robertis

[rup...@hollom.com]

Hi, I'm Rupert

Have developed a number of mobile apps, integrated with OAuth.  Mainly going to lurk here as I need to get up to speed with js as I am mainly a C# guy at the moment...

Cheers.

[Ondrej Kupka]

Hi, I am Ondra Kupka and I am a sysadmin/devops guy. I am also starting to develop some tools to help the developers (for now in our company) work more efficiently. I got to this group while researching various means of authentication/authorization for one of my web apps. I am still yet to understand how Oz is going to work, but fingers crossed! 

[Julio Monteiro]

Hey, I'm Julio Monteiro (http://jmonteiro.com), software engineer from JobScore (http://www.jobscore.com).

I want to build crazy simple web apis. And oz looks great, for that matter.

[Brian Michel]

Hey I'm Brian Michel, former iOS developer at Comcast, current iOS developer at Urban Outfitters. I'm just looking to help out with anything I can.

-Brian

@biranmichel