OAuth Gains Traction

The OAuth standard for cross-site authentication has been around for over a year now, without having really taken off. A pair of announcements this week indicates that the quiet period is over, though: both the Google Data APIs and MySpace’s Data Availability Project opened their doors to OAuth. This means that other sites and mashups that want to use your Google or MySpace data do not have to prompt for your username and password (and they shouldn’t!); they can forward your authentication requests straight to the home site instead, and just get back the data that you allow it to share.

For site developers, this raises the bar a bit: with these high-profile examples of best practices, users are going to be more reluctant to share their credentials with every web site that comes down the pike. For web workers, wide adoption of OAuth can help protect the security of our accounts, and make it easier to try out new services. It’s a win all around.

loading

Comments have been disabled for this post