Our Sponsors
View News by Category
- Adobe (3)
- Amazon (43)
- AOL (17)
- APIs (226)
- BestMashups (123)
- BestPractices (13)
- Books (6)
- CaseStudies (5)
- cloud (2)
- Code (6)
- Contests (68)
- database (1)
- ebay (7)
- Enterprise (48)
- Events (61)
- Examples (153)
- Facebook (17)
- Featured (10)
- fun (7)
- Games (4)
- General (16)
- Google (111)
- Gov (38)
- Green (2)
- Hardware (7)
- HowTo (15)
- Infrastructure (15)
- Issues (56)
- Java (2)
- JavaScript (13)
- Jobs (1)
- Law (22)
- Mapping (105)
- Media (16)
- Metrics (7)
- Microsoft (43)
- Mobile (13)
- Money (81)
- Music (20)
- News (123)
- Nonprofit (5)
- OpenSocial (17)
- photo (22)
- Popular (26)
- PopularAllTime (24)
- Press (17)
- Reference (6)
- Religion (1)
- RIA (6)
- roundup (1)
- Ruby (2)
- Salesforce (8)
- Science (1)
- Search (14)
- Security (19)
- SemanticWeb (4)
- Shopping (17)
- Site News (62)
- Social (57)
- Source (4)
- Standards (8)
- Telephony (13)
- Tools (48)
- Video (32)
- Visualization (8)
- Widgets (20)
- wiki (3)
- Yahoo (61)
Archives
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
OAuth Spec 1.0 = More Personal Mashups?
John Musser, October 5th, 2007 
Comments(5)
A piece of the mashup puzzle that could lead to more interesting and useful applications has taken a step forward this week: the final draft of the OAuth specification is now available. What is it and why does it matter? Since there are already some very good explanations out there, here are the essentials drawn from Eran Hammer-Lahav and his OAuth series:
- Shortest explanation possible: An API access delegation protocol
- Your valet key for the web: Like the feature on many cars today where you give the parking attendant a special key to your car that gives him some, but not all, access to your vehicle. On the Web you now have your own keys to dozens of sites but how to best handle the mashup-style case of site A wants you to grant them access to get some data from site B? Ideally you don’t want to give site A your password to site B. OAuth aims to simplify this problem: “It allows you the User to grant access to your private resources on one site (which is called the Service Provider), to another site (called Consumer, not to be confused with you, the User).”
- Versus OpenID: OAuth and OpenID are related but are not solving the same problem and do not depend upon one another. “While OpenID is all about using a single identity to sign into many sites, OAuth is about giving access to your stuff without sharing your identity at all (or its secret parts). If OAuth depended on OpenID, only OpenID services would be able to use it, and while OpenID is great, there are many applications where it is not suitable or desired. Which doesn’t mean to say you cannot use the two together. OAuth talks about getting users to grant access while OpenID talks about making sure the users are really who they say they are.”
- History: Started with informal discussions in November 2006 about OpenID and delegated authentication; April 2007 Google group started, this summer initial spec drafted, and now at 1.0 final draft.
- Who’s going to be implementing it?: “At the time of writing this, we expect initial implementations from (in alphabetical order) Digg, Jaiku, Flickr, Ma.gnolia, Plaxo, Pownce, Twitter, and hopefully Google, Yahoo, and others soon to follow.”
- Inputs: Given that this is not a new problem, the creators of this spec drew from a variety of related efforts including existing protocols like Yahoo BBAuth, Google Web Auth, Flickr API and others.
- OAuth links: the OAuth spec and lots of related links.
This very promising specification moved along quickly thanks to hard work and cooperation from those involved. This sort of standards effort and events like Data Sharing Summit are helping move the mashup ecosystem forward.
For more coverage see Marshall Kirkpatrick at Read/WriteWeb, Brady Forrest at O’Reilly Radar, Microsoft’s Dare Obasanjo, and Chris Messina.
-
I’m always weary of signing up for yet another service. It’ll be nice to be able to get access to some services using a more decentralized ID system. I hope this system isn’t used to transfer information seamlessly between sites though. It is a disturbing trend that each site wants to know about what you do on another site. Ease of use is a horrible reason to leak data improperly to sites that have not asked permission properly.
Comment by: Joel Voss - October 5th, 2007 at 2:57 am -
[...] [2] OAuth Spec 1.0 = More Personal Mashups? [...]
-
[...] which we covered last fall, is an API access delegation protocol that has been described as your valet key for the web: Like [...]
-
[...] another technology I need to start looking into: OAuth. ProgrammableWeb describes it as: Like the feature on many cars today where you give the parking attendant a special [...]
-
[...] OAuth Spec 1.0 = More Personal Mashups? [...]
Comment by: OAuth Support at SmugMug - June 27th, 2008 at 1:07 am
Leave a Reply
Our Sponsors
Member of
