Have you noticed an increase in the number of reports about malware and compromised web servers? Recently, a computer exploit known as Gumblar has been making news for its ability to launch exploits via drive-by download. Gumblar silently installs itself on a computer if a user simply visits a compromised web site, where it proceeds to steal FTP logins and replace legitimate Google search results with redirects to sites of the attacker’s choosing. Despite the threat of Gumblar and malware exploits like it, users of recent releases of the Firefox or Chrome browser have an extra layer of protection provided by their use of Google’s Safe Browsing API.
Google has announced some new features available for its OpenID API. As some of our readers may remember, earlier this year Google released a “Hybrid Protocol” API that combines an OpenID federated login with OAuth access authorization. The API has been enhanced with some extended Attribute Exchange fields and a pop-up user interface for the user-facing approval page.
Google is making it even easier for developers wishing to implement OpenID with OAuth. Google has announced that developers can now utilize a “Hybrid Protocol” that combines the OpenID federated login with the OAuth authorization process. The new OpenID OAuth extension makes it easier for developers to implement OAuth through initial authentication using OpenID. According to Yariv Adan on the Google Data APIs Blog:
Websense, a leading web security company, has announced that it has acquired Defensio, the anti-comment-spam service. Last fall we wrote about Defensio and its API and how it lets developers submit text snippets, such as comments from blogs and forums, which are then analyzed to return an indication of the likelihood that the text is spam. In the announcement, Websense notes these capabilities:
AOL has announced that its MapQuest service now supports OpenID logins as part of the new My MapQuest capability. AOL has long been an OpenID innovator. As AOL’s George Fletcher reminds us, AOL was one of the earliest OpenID providers.
OpenID holds much promise as a means of supporting a single digital identity that can be used across the Internet. Currently there are several types of OpenID identity providers out there, and several of the major players on the web, including AOL, Microsoft, Google, and Yahoo!, have committed to become OpenID providers as well. While there is some concern about the ‘Balkanization’ of OpenID by these service providers (essentially the concern is over the fact that service providers will only provide OpenIDs and subsequently they will not become consumers of OpenIDs from other providers), the positive side of this adoption is that hundreds of millions of existing user accounts can now be used as OpenIDs.
Yahoo! has announced the rollout of some limited tests for OpenID’s Simple Registration specification. If you’re not familiar with OpenID, it’s an innovative way of handling user authentication that provides a free and easy way to use a single digital identity across the Internet.
As announced on the blog of CEO Don MacAskill, the photo-sharing site SmugMug now supports OAuth.
What happens when the API is technically secure but the environment, whether widget, web site or mashup, is not? Recent security breaches in MySpace and Yahoo, which led to the release of semi-embarrassing photos of prolific celebs Paris Hilton and Lindsay Lohan, point out the added opportunities for hackers in the open web.
Standardization, or lack thereof, around identity, authentication and authorization for open web APIs is one of the greatest challenges to mashup application developers today. So it’s quite notable that Google not only just quietly added OAuth support to their Google Contacts API but also stated that “This is our first step towards OAuth enabling all Google Data APIs.”
©ProgrammableWeb.com 2009. All rights reserved.