OAuth 1.0a uses shared secrets used to sign requests instead of relying just on SSL. First you get a Request Token, then an Access Token, which can finally be used to get a Salesforce session id to make subsequent API calls. To get started, register an app in Salesforce at Setup | Develop | Remote Access, and fill in the form below.