OAuth 2.0 and the Road to Hell

I just came across a very interesting blog post by Eran Hammer about OAuth 2.0, its progress and its past.

If you're considering OAuth, it's worth a read. It also kind of reflects how I initially felt when I looked at the sea of OAuth 2-related documentation. My experience from tracking OpenID and DAV-related standards is very similar. It is very, very hard for committees to create simple standards. I reckon the only way it can work is with a trusted BDFL-type at the helm.

