We quickly implemented two-legged OAuth for the API for speed and simplicity. This is aimed at developers who have a large number of apps to upload.
We should add in the standard three-legged OAuth as well. This is aimed at developers who don't have a large number of apps to upload, but want a simple point-and-click way through.
Developers will need to be authenticated through Persona to the marketplace. Then we need a page that apps can hit and that will return the tokens. The API will then need to cope with the three-legged or two-legged tokens appropriately.
We have an app development shop wanting to use this.
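An added sketch (not the Marketplace's own code) of how one API entry point could accept both request types, assuming OAuth 1.0a with HMAC-SHA1 signatures as in RFC 5849. The credential stores, key names and URL are hypothetical, and nonce/timestamp replay checks are left out to keep the focus on the two-legged versus three-legged decision.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample data (hypothetical); a real service would use its database.
CONSUMERS = {"shop-key": "shop-secret"}
ACCESS_TOKENS = {
    "user-token": {"secret": "user-token-secret", "consumer": "shop-key", "user": "dev@example.com"},
}

def _enc(value):
    return quote(str(value), safe="-._~")  # RFC 5849 percent-encoding

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 signature; token_secret stays empty for a two-legged request."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authenticate(method, url, params):
    """Return ('two-legged', consumer_key) or ('three-legged', user); raise otherwise."""
    consumer_key = params.get("oauth_consumer_key")
    consumer_secret = CONSUMERS.get(consumer_key)
    if consumer_secret is None:
        raise PermissionError("unknown consumer")
    token = params.get("oauth_token")
    if token:
        record = ACCESS_TOKENS.get(token)
        # A token is only valid for the consumer it was issued to.
        if record is None or record["consumer"] != consumer_key:
            raise PermissionError("token unknown or issued to another consumer")
        token_secret, result = record["secret"], ("three-legged", record["user"])
    else:
        token_secret, result = "", ("two-legged", consumer_key)
    expected = sign(method, url, params, consumer_secret, token_secret).encode()
    supplied = str(params.get("oauth_signature", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        raise PermissionError("bad signature")
    return result
```

A request that names an `oauth_token` but is signed with the consumer secret alone is rejected, so a two-legged credential cannot be used to act as a user.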