OAuth 2.0 – Spec?

It’s no surprise that Eren left the group.  Reading through the OAuth 2.0 spec I found this paragraph:

“OAuth 2.0 provides a rich authorization framework with well-defined security properties. However, as a rich and highly extensible framework with many optional components, on its own, this specification is likely to produce a wide range of non-interoperable implementations.”

Eh?  A security spec that will produce non-interoperable implementations is not a spec imho …


Test Driven Development or Exception Driven Development?

I’ve seen a number of discussions kicking around as part of these ongoing debates about development processes. It’s a non-issue as far as I can tell. One is “Pre-Use” (Test Driven) and one is “Post-Use”: errors encountered by users in the wild. One is essentially proactive, the other reactive.

For one it is much easier to quantify its benefits (Exception Driven), for the other harder (Test Driven). Test Driven is massively beneficial, but Exception Driven is very interesting in terms of prioritising bug fixing once an application has gone live.

I’m making use of ELMAH in my web apps these days. Such a neat solution to the cross-cutting problem of exception recording. It provides an RSS feed and a web-based view of the yellow screen of death as it would have appeared to the developer running it locally during development. Amazing …

Now the only issue I have is securing the view onto the exceptions database! 🙂
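
One way to lock down that view, as an added example that is not part of the original post: a `web.config` fragment that keeps ELMAH's log pages local-only by default, and shows how to gate the handler behind ASP.NET authorization when remote viewing is needed. The role name `ElmahViewers` is hypothetical, and the handler path `elmah.axd` is assumed to be the conventional one.

```xml
<configuration>
  <configSections>
    <sectionGroup name="elmah">
      <section name="security" requirePermission="false"
               type="Elmah.SecuritySectionHandler, Elmah" />
    </sectionGroup>
  </configSections>

  <elmah>
    <!-- Weak setting: allowRemoteAccess="1" with no authorization rules
         serves stack traces, cookies and form values to any remote client. -->
    <!-- Hardened: "0" serves the log pages to requests from the local machine only. -->
    <security allowRemoteAccess="0" />
  </elmah>

  <!-- For remote viewing: set allowRemoteAccess="1" above and keep this block.
       The handler is registered INSIDE the location element; registering it at
       the site root makes it answer under any sub-path (e.g. /foo/elmah.axd),
       where the authorization rules below would not apply. -->
  <location path="elmah.axd" inheritInChildApplications="false">
    <system.web>
      <httpHandlers>
        <add verb="POST,GET,HEAD" path="elmah.axd"
             type="Elmah.ErrorLogPageFactory, Elmah" />
      </httpHandlers>
      <authorization>
        <!-- "ElmahViewers" is a hypothetical role name -->
        <allow roles="ElmahViewers" />
        <deny users="*" />
      </authorization>
    </system.web>
    <system.webServer>
      <handlers>
        <add name="Elmah" verb="POST,GET,HEAD" path="elmah.axd"
             type="Elmah.ErrorLogPageFactory, Elmah"
             preCondition="integratedMode" />
      </handlers>
    </system.webServer>
  </location>
</configuration>
```

The RSS feed is served by the same handler, so these rules cover it as well; a feed reader that cannot authenticate will stop receiving it.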