An open standard for authorization that allows users to grant third-party applications limited access to their resources without sharing credentials. (Ch. 20, 27)