1 Comment

Summary:

The OAuth standard for cross-site authentication has been around for over a year now, without having really taken off. A pair of announcements this week indicates that the quiet period is over, though: both the Google Data APIs and MySpace’s Data Availability Project opened their doors […]

The OAuth standard for cross-site authentication has been around for over a year now, without having really taken off. A pair of announcements this week indicates that the quiet period is over, though: both the Google Data APIs and MySpace’s Data Availability Project opened their doors to OAuth. This means that other sites and mashups that want to use your Google or MySpace data do not have to prompt for your username and password (and they shouldn’t!); they can forward your authentication requests straight to the home site instead, and just get back the data that you allow it to share.

For site developers, this raises the bar a bit: with these high-profile examples of best practices, users are going to be more reluctant to share their credentials with every web site that comes down the pike. For web workers, wide adoption of OAuth can help protect the security of our accounts, and make it easier to try out new services. It’s a win all around.

  1. I wouldn’t exactly say that OAuth hasn’t “really taken off” in the past year — not only was OAuth Core 1.0 only finalized this past December (making it only six months old!) but MySpace essentially inherited OAuth because it supports OpenSocial, which long has promised to support OAuth.

    Nonetheless, this announcement from Google is huge — and I think OAuth is really going to be central to social web applications from this point forward.

    Share

Comments have been disabled for this post