OAuth puts all security bets in one basket: TLS - and you probably
know how secure that is from a user (ignore warning window) or dev
(ignore those darn certificate exceptions) perspective.
Interesting....
Honestly we are just looking for an efficient and effective way to
secure our resources, manage authentication, and authorization based
on roles. Standards being a thing that everyone is playing close
attention to, just felt that the latest and greatest would be the way
to go.
In regards to an OAuth 1 standard + Jersey 2.0? Can we get an AA up
and running in a stable and lightweight manner? I stumbled on the
spring-secure project, and they seem to have the following OAuth 2
production code example for anyone who would be interested....
https://github.com/cloudfoundry/uaa
Kind Regards,
Nick.