Yahoo looks outside for Mojo


Yahoo’s Hack Day might have looked like a job fair from afar, but the announcements at the show indicate that the company is looking to go outside its campus and jumpstart its innovation engine.

The hack day comes at a time when dark clouds are gathering over the Sunnyvale, California-based company, which is always playing catch-up with Google. The Economist recently published a story that highlighted Yahoo’s bureaucratic ways.

“Days go by and deals go away,” says an outside adviser to Yahoo! who has sat in on executive meetings. The firm has a “relatively constipated process of reviewing anything,” he says. It is slow and cumbersome and “not an entrepreneurial culture” because Mr Semel is a “low-risk, non-confrontational guy”, says this adviser.

This is in sharp contrast to the haphazard (and mostly confusing) approach adopted by Google. The long-delayed upgrades to their core search/advertising platforms, and other issues, are just some of the problems being faced by the company. “We’re past the days of radical innovation where somebody is really going to blow past a competitor,” Chris Sherman of SearchEngineWatch told The Economist. There is the nagging issue of talent flying the coop.

When juxtaposed against this backdrop, Yahoo Hack Day must have some kind of strategic importance. (We will hear from Yahoo some day about that, so for now we are going to speculate :-) )

One of the big announcements was BBAuth, or browser-based authentication, which will allow developers to build third-party apps that access Yahoo data. This is a single sign-on product, though unlike Microsoft Passport, it can work with other sign-on solutions. (This is something which eBay should have done with its reputation rankings/data, but well, never did, forgetting that eBay’s value is in its authentication reputation system.)

Using BBAuth, Yahoo can help create an ecosystem of third-party apps. In addition, there is the 200 million Yahoo user base that can log into these applications. It could be a real developer magnet, and is getting kudos around the blogosphere. In addition, Flickr also released new APIs for Flickr and Upcoming alongside a Yahoo Mail API. The Mail API is significant in that it is the first of the web mail providers officially providing programmatic access to Mail.

These are good moves – Yahoo will get some more developers paying attention to the company, though I have not had a chance to think about how much of a business impact these moves will have. Mash-ups and APIs are cool, but in the end they have to translate into cold hard cash for any publicly traded company. Of course, there are other issues the company has to deal with before making a comeback.

(The post includes inputs from Nitin Borwankar, who is following the Yahoo Hack Day this weekend.)


family portrait artist

These things should be done in haste before time forgets about Yahoo. Although Yahoo is still famous in some third world countries these same countries are now beginning to realize some of the down side of Yahoo especially in organic research.


My personal experience as a developer making creative use of APIs has been that given fuller and freer access to an expanding variety of data from seemingly unrelated sources makes for an organic, almost evolutionary explosion of mash-ups .. odds being that one or two or a handful may become a killer app in some odd niche that could never be deduced by a boardroom meeting. The cold hard cash has and will come through the many independent developers whose talents and creations are neither a drain on a company’s payroll, nor leeches of data, but rather partners in the future growth of web 2.0

Rocky Agrawal

Flickr offers a de-authorization page for third party services as well, so I’d expect we’d see something similar on Yahoo. I use Slickr to have my friends’ pictures scroll through on my screensaver.

Re: ebay – I would love to be able to carry my eBay reputation with me when I sell on other sites, especially places like craigslist.

I also want someone to open up their buddy lists:


this site looks really nice. props to whoever put it together. it was the new zealander, wudnit?

but what i really want to know is, why does Google keep hiring all these hardware engineer types?

they’ve been hiring these folks for months now, and they’re still hiring, so something big is going down in the MV. phones? pda’s? gps? what’s up? it must be an open secret by now, but some of us are not in the know, ya know?

Alex Schultz

Oooops one really crucial thing I missed off is that certainly with eBay a user can switch off permission for any third party application to access their account via the API at any time via a link within > preferences > Third-party authorizations >. I expect Yahoo! will be doing the same (but obviously don’t know).

Alex Schultz

Nicely put Jeff.

The Yahoo! diagram explaining Auth and Auth couldn’t really be better designed to explain (at least one instance of) the eBay version. There is another instance where eBay saves the token and it doesn’t get sent back as part of the redirect url but is called by the application (obviously that is useful for desktop apps). When the user returns to the Application after completing browser based authentication the application can use an API call called “FetchToken” to retrieve the token.

Auth and Auth is really a critical part of any web service and (for example) does it differently where I as a developer pick up the user’s username and password, store them in a database and send them to every time I make a call on the API on behalf of the user. This is obviously insecure for a number of reasons and although not necc. scary for a user you can get why that kind of methodology would be a nightmare for Yahoo! mail etc… third party applications and so this browser based authentication is awesome.

Typepad actually do something slightly different which I love for their Widget API. You create your submission for a widget to add to your typepad account via a third party site and once it is ready the developer sends it (and you) to typepad using a POST command. Typepad stores the information the developer sent across and you sign in to Typepad and authorize the widget to be added to your blog. Obviously this wouldn’t work for every web app and would be massively tedious even for some which it could be used on but for the typepad widget need it is elegant and efficient. I really like it.
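The flow these comments describe (browser sign-in at the provider, token pickup by the application, and user-side revocation), sketched as an added example that is not part of the original thread and is not Yahoo's or eBay's code. It is a toy in-memory provider in Python; all class, method and account names are hypothetical, and `fetch_token` is only modelled on the "FetchToken" call mentioned above.

```python
import secrets

class Provider:
    """Toy identity provider (hypothetical; not a real Yahoo or eBay API)."""
    def __init__(self):
        self._passwords = {}  # user -> password; never handed to any app
        self._pending = {}    # session_id -> token waiting to be picked up
        self._tokens = {}     # token -> (user, app_id)

    def register(self, user, password):
        self._passwords[user] = password

    def browser_sign_in(self, user, password, app_id, session_id):
        """User signs in on the provider's own page and approves app_id."""
        stored = self._passwords.get(user)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            return False
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, app_id)
        self._pending[session_id] = token  # kept server-side, not in the redirect URL
        return True

    def fetch_token(self, app_id, session_id):
        """App collects its token after the user returns; works only once."""
        token = self._pending.get(session_id)
        if token is None or self._tokens.get(token, (None, None))[1] != app_id:
            return None
        del self._pending[session_id]
        return token

    def call_api(self, token, app_id):
        """API call on the user's behalf; returns the user name or None."""
        user, owner = self._tokens.get(token, (None, None))
        return user if user is not None and owner == app_id else None

    def revoke(self, user, app_id):
        """User switches off one app's access from their preferences page."""
        self._tokens = {t: v for t, v in self._tokens.items() if v != (user, app_id)}

def demo():
    idp = Provider()
    idp.register("alice", "correct horse")    # constructed sample account
    session_id = secrets.token_urlsafe(16)    # created by the app before the redirect
    idp.browser_sign_in("alice", "correct horse", "photo-app", session_id)
    token = idp.fetch_token("photo-app", session_id)
    before = idp.call_api(token, "photo-app")            # app acts for alice
    replay = idp.fetch_token("photo-app", session_id)    # second pickup is refused
    idp.revoke("alice", "photo-app")
    after = idp.call_api(token, "photo-app")             # token is dead after revocation
    return before, replay, after
```

The application only ever holds a token tied to one user and one app, so revoking it cuts off that app without a password change; a real deployment would also authenticate the application itself, which this sketch leaves out.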

Jeffrey McManus

So, Passport is (or was intended to be) a single signon product in which a giant authentication and authorization database was to be maintained by Microsoft for any web site that chose to implement it. (Authentication verifies that you are who you say you are. Authorization verifies that you’re allowed to do something.)

In contrast, eBay and Yahoo’s systems both provide authentication and authorization for third party applications that use eBay and Yahoo web services only. eBay’s and Yahoo’s systems work similarly because they were informed by similar use cases, and because some of the same people (i.e. me) were involved in their creation. Neither system aspires to be a single sign-on for the web. (BBAuth can’t even be used as single sign-on for Yahoo since all of Yahoo hasn’t adopted it yet.)

Om Malik

Alex and Jeffrey,

thanks for pointing out the error in my ways. i should have been more explicit. i wanted to say that ebay should have done the same with its reputation system and become the “credit bureau” of the web, in more simplistic terms.

also, can you both outline the ebay efforts.

Jeffrey McManus

Om, BBAuth is not a single signon product. Also, eBay has had something like this for a few years. (I worked on both products when I worked at each of those companies.)

Alex Schultz

It is awesome that Yahoo! launched this Browser Based authentication, I love the Yahoo! APIs, program with them regularly and want to do more!

I am however slightly confused by this comment in your post “(This is something which eBay should have done, but well, never did, forgetting that eBay’s value is in its authentication system.)”

Having just gone through the Auth and Auth that Yahoo has set up (see diagram here) it seems identical to the system found at eBay which powers many of the third party listing tools which drive a huge proportion of eBay’s business.

You are totally right it is crucial eBay should do this but eBay did, >2 years ago and it is now driving a lot of value. You can see examples of its use for free at or also at

Give it a go :)

Josh J

Yawn. An authentication scheme is only as good as the APIs it exposes. In Yahoo’s case; there’s only 1. Double Yawn.

I can’t wait for Yahoo to just go away. I installed Yahoo Messenger on my system and I think it’s worse than a virus infecting a user’s system. I can’t right click without seeing a Yahoo icon.

Steve E

Yahoo needs new talent. They seem to be stagnating. So many good products that need an upgrade, they just need some innovative people on board.

With that huge user base, ability to generate massive ad revenues and broad range of services they really should be doing better than they are!

Kudos on the BBauth though. Looks like it will be really cool and may help get them a bit more attention.
