I’ve become fascinated by the tech and policy and developer issues around OAuth, and two things seem obvious to me:

- Usernames and passwords generally suck and obviously don’t scale to the Internet, so we need to do away with ’em soonest.
- The new technology coming down the pipe, OAuth 2 and friends, is way too hard for developers; there need to be better tools and services if we’re going to make this whole Internet thing smoother and safer.

No doubt in my mind that this is one of the big problems to be solved for the industry over the next decade, and Bray’s two-point bullet list is exactly right: the username/password solution is bad for users in numerous ways, but whatever eventually replaces it needs to be easy for developers.