[martinsievers]

Wow, is it just me or is there a whole lot of passive aggressiveness in this post?

Anyway, to address the post, yes we do know that Google have implemented most of OAuth 2.0, but in reality not everyone is happy to use Google of various reasons.

There are plenty of people and organizations have to implement OAuth 2.0 server-side and wade through messy specification where half of it may be irrelevant.

[refulgentis]

A ridiculous amount. I'm an outsider to all this (iOS developer with a healthy interest in technology), and the constant pejorative adjectives directed at Hammer combined with the odd directions to the reader to "find (strong options re: Hammer) on the Net" and the horrible word insertion in Hammer's mouth that's Hammer's "pissed at everyone"...combine to make this post seem like it has a lot more sizzle than steak.

"First Take-Away" is devoted to "hay, Google implemented OAuth 2". That, as far as I understand it, is hot air because it doesn't obviate Hammer's original contention that OAuth 2 was impossible to implement without experts driving your implementation.

"Interop?" is devoted to him throwing out a wildly idealistic idea, immediately followed up by him noting that he has no idea if it's possible.

"Enterprisey" notes that he doesn't understand the enterprise requirements, understanding enterprise requirements requires expert-level domain knowledge (again, bolstering Hammer's point) and boy, those enterprise people sure are crazy!

"Standards-Making" opens by trying to use clever wordplay that has the effect of making Hammer seems small for being "pissed at everyone", and an unwarranted defense of standardization proposals aimed at those commenting on the fact the the head of a standardization proposal said standardization proposals are broken.

The most confusing part of this to me is that Bray wrote an article (http://www.tbray.org/ongoing/When/201x/2012/06/29/Becoming-a...) less than one month ago noting that "The new tech­nol­ogy com­ing down the pipe, OAuth 2 and friends, is way too hard for de­vel­op­ers; there need to be bet­ter tools and ser­vices if we’re going to make this whole In­ter­net thing smoother and safer." Yet, somehow he feels that Hammer's opinion is divergent enough from what he said to be worthy of a long sanctimonious, vacuous, article.

I don't understand why Tim Bray is respected by the tech community, and after two years of following tech news and giving him the benefit of the doubt, I'm not going to bother anymore. He seems perfectly intelligent, but his tendency online of having overwrought reactions that conflict with prior overwrought reactions he had make it difficult for me to consider him anything but a bloviator.

[nl]

I don't get that at all.

I think the OAuth 2.0 story is complicated, support is mixed and Bray's post acknowledges that.

[benatkin]

I didn't catch that he was frustrated about OAuth 2 being way too hard for developers. Maybe he thinks Hammer should be content with developers having to use libraries they don't understand.

[antrix]

> but in reality not everyone is happy to use Google of various reasons.

I don't think he is saying 'just use Google'. He is saying that Google's wide-spread adoption of OAuth 2.0 is existence proof that the technology itself works.

> plenty of people and organizations have to implement OAuth 2.0 server-side and wade through messy specification where half of it may be irrelevant

Hence this bit: "It’s done. Stick a fork in it. Ship the RFCs." It is entirely possible that the 'working' bits of the spec will be distilled out as RFCs which should make implementation easier.