A fair assessment of the basic OAuth 2.0 impl, but I'm left wondering how to as-simply state the value add for developers to implement an OAuth 2 workflow instead of just relying on SSL.<p>Is the additional overhead to development worth the gain in security for the straightforward "access my own protected resources" use case?