<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" 
      xmlns:thr="http://purl.org/syndication/thread/1.0">
  <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php" />
  <link rel="self" type="application/atom+xml" href="http://www.readwriteweb.com/atom.xml" />
  <id>tag:,2009:/1/tag:www.readwriteweb.com,2008://1.7103-</id>
  <updated>2009-11-23T18:55:36Z</updated>
  <title>Comments for It&apos;s Official: Mashup Privacy Protocol OAuth Is Fair Game</title>
  
  <generator uri="http://www.sixapart.com/movabletype/">Movable Type 4.23-en</generator>
  <entry>
    <id>tag:www.readwriteweb.com,2008://1.7103</id>
    <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php" />
    <link rel="service.edit" type="application/atom+xml" href="http://www.readwriteweb.com/cgi-bin/mt/mt-atom.cgi/weblog/blog_id=1/entry_id=7103" title="It's Official: Mashup Privacy Protocol OAuth Is Fair Game" />
    <published>2008-08-27T00:40:03Z</published>
    <updated>2008-08-27T09:53:28Z</updated>
    <title>It&apos;s Official: Mashup Privacy Protocol OAuth Is Fair Game</title>
    <summary>Mashup Privacy Protocol OAuth Is Fair Game</summary>
    <author>
      <name>Marshall Kirkpatrick</name>
      <uri>http://www.readwriteweb.com</uri>
    </author>
    
    <category term="Features" />
    
    <category term="News" />
    
    <content type="html" xml:lang="en" xml:base="http://www.readwriteweb.com/">
      <![CDATA[<p><img src="http://www.readwriteweb.com/images/oauthlogo.jpg"><a href="http://oauth.net">OAuth</a>, the open authorization protocol standard that will let users give limited access to their data to third party websites without giving away their passwords, crossed an important threshold tonight.  </p>

<p>All parties involved in building the spec <a href="http://www.hueniverse.com/hueniverse/2008/08/oauth-licensed.html">have signed a covenant of non-assertion</a>, meaning that OAuth can now be safely implemented anywhere without concern about Intellectual Property lawsuits.  <strong>If you think this is too geeky for you - try out the live demo embedded below.</strong></p>]]>
      <![CDATA[<p>We celebrated Google's <a href="http://www.readwriteweb.com/archives/google_oauth.php">addition of OAuth to all the Google Data APIs in July</a>, but for all you cautious types out there - there's not much excuse anymore.  No more passwords are required and a greenfield for mashups is now wide open.</p>

<p>The parties that contributed to building OAuth and have signed the promise not to sue are: Yahoo, Google, AOL, Twitter, Ma.gnolia, Citizen Agency, Wesabe, Pownce and Six Apart.  Also signing as individuals were Eran Hammer-Lahav, Mark Atwood and Blaine Cook.</p>

<h2>What is OAuth?</h2>

<p>OAuth is a standard protocol for one web site to access user information on another website without asking the user for their password, but accepting confirmation from the 2nd site that the person is in fact who they claim to be.  As Eran Hammer-Lahav, Open Web Evangelist at Yahoo! and OAuth point-man, told us tonight: "It is a way to build distributed services across multiple vendors while still keeping your data as private and safe as you would like it to be.  You can limit it, for example - for time (like only one day), only read access, photos only and not videos, etc."</p>

<p>Why is this important?  This is a key technical step towards making data portability real.  It creates a path for users to move data they've created on one service into another service that can then offer new features or personalization based on what the users have exposed to them about themselves from elsewhere.  It's a big ingredient in a recipe for innovation, in the form of mashups or otherwise.</p>

<p>How is it different than OpenID?  It's a related, but different way to move data around.  OpenID got a non-assertion covenant signed almost a year ago and provided, along with the Apache Foundation, the basis for the OAuth covenant.  There's a whole lot that can be done with both of these protocols and we look forward to seeing them develop together.</p>

<p>What does OAuth look like in the wild?  Below are two examples. The first is a screenshot of Yahoo's location based service <a href="http://fireeagle.yahoo.com">Fire Eagle</a> asking a user if they want to grant permission for another app to access their data on Fire Eagle.</p>

<center><img alt="fireeagleoauth.jpg" src="http://www.readwriteweb.com/images/fireeagleoauth.jpg"></center>

<p><em>Screenshot from <a href="http://factoryjoe.com/blog">Chris Messina</a>.</em></p>

<p>The second example is a mock live demo of OAuth in an iframe, created by Eran Hammer-Lahav.  A detailed explanation of this demo can be found <a href="http://www.hueniverse.com/hueniverse/2007/10/beginners-gui-1.html">here</a>.</p>

<center><iframe src="http://nouncer.com/oauth/flow-demo.htm" height="382px" width="484px" scrolling="no" frameborder="no"></iframe></center>

<p>Pretty awesome, no?  So let's get the safe, granular data porting rolling!  We eagerly anticipate a growing ecosystem of apps that do things with user data that were never possible before.  As Eran Hammer-Lahav, who's been working on this full time at Yahoo! almost all year, says - the web owes him a beer.</p>]]>
    </content>
  </entry>

  <entry>
    <id>tag:www.readwriteweb.com,2008://1.7103-comment:64844</id>
    <thr:in-reply-to ref="tag:www.readwriteweb.com,2008://1.7103" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php"/>
    <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php#c64844" />
    <title>Comment from NewWebPlatform on 2008-08-26</title>
    <author>
        <name>NewWebPlatform</name>
        <uri>http://www.newwebplatform.com</uri>
    </author>
    <content type="html" xml:lang="en" xml:base="http://www.newwebplatform.com">
        <![CDATA[<p>Wow.  True data portability! Of course, this is assuming that the major service providers do indeed buy into this.  It'll be hard for them not to once developers begin leveraging this.  Are there any plugins or other interfaces for developers to equip their sites with this functionality?  </p>

<p>Excellent demo.</p>]]>
    </content>
    <published>2008-08-27T02:01:33Z</published>
  </entry>

  <entry>
    <id>tag:www.readwriteweb.com,2008://1.7103-comment:64847</id>
    <thr:in-reply-to ref="tag:www.readwriteweb.com,2008://1.7103" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php"/>
    <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php#c64847" />
    <title>Comment from tobias on 2008-08-26</title>
    <author>
        <name>tobias</name>
        <uri>http://me.dium.com/search</uri>
    </author>
    <content type="html" xml:lang="en" xml:base="http://me.dium.com/search">
        <![CDATA[<p>great stuff. i know a ton of people have worked really hard to make this happen. and we owe them a single beer? how about a magnum of champagne! it's time to celebrate...</p>]]>
    </content>
    <published>2008-08-27T02:25:23Z</published>
  </entry>

  <entry>
    <id>tag:www.readwriteweb.com,2008://1.7103-comment:64848</id>
    <thr:in-reply-to ref="tag:www.readwriteweb.com,2008://1.7103" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php"/>
    <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php#c64848" />
    <title>Comment from factoryjoe.com on 2008-08-26</title>
    <author>
        <name>factoryjoe.com</name>
        <uri>http://factoryjoe.com</uri>
    </author>
    <content type="html" xml:lang="en" xml:base="http://factoryjoe.com">
        <![CDATA[<p>This is indeed good stuff and Eran deserves a great deal of credit for really forcing this stuff forward against corporate lawyers and other kinds of organizational membranes I'd rather not mention. It's not a big deal from a technical standpoint, but it is from a legal, rights and business/economic perspective.</p>

<p>And on the topic of credit -- would you mind tossing me a little link for the <a href="http://flickr.com/photos/factoryjoe/2465160029/" rel="nofollow">Fire Eagle screenshot</a>? It's got my username in it after all... and complying with the license terms is all I ask. ;)</p>]]>
    </content>
    <published>2008-08-27T02:30:38Z</published>
  </entry>

  <entry>
    <id>tag:www.readwriteweb.com,2008://1.7103-comment:64849</id>
    <thr:in-reply-to ref="tag:www.readwriteweb.com,2008://1.7103" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php"/>
    <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php#c64849" />
    <title>Comment from factoryjoe.com on 2008-08-26</title>
    <author>
        <name>factoryjoe.com</name>
        <uri>http://factoryjoe.com</uri>
    </author>
    <content type="html" xml:lang="en" xml:base="http://factoryjoe.com">
        <![CDATA[<p>@NewWebPlatform Check out <a href="http://oauth.net/code" rel="nofollow">http://oauth.net/code</a> for libraries and plugins! </p>]]>
    </content>
    <published>2008-08-27T02:31:48Z</published>
  </entry>

  <entry>
    <id>tag:www.readwriteweb.com,2008://1.7103-comment:64852</id>
    <thr:in-reply-to ref="tag:www.readwriteweb.com,2008://1.7103" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php"/>
    <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php#c64852" />
    <title>Comment from Marshall Kirkpatrick on 2008-08-26</title>
    <author>
        <name>Marshall Kirkpatrick</name>
        <uri></uri>
    </author>
    <content type="html" xml:lang="en" xml:base="">
        <![CDATA[<p>Thanks FactoryJoe and sorry I forgot to add that link.</p>]]>
    </content>
    <published>2008-08-27T02:52:44Z</published>
  </entry>

  <entry>
    <id>tag:www.readwriteweb.com,2008://1.7103-comment:64857</id>
    <thr:in-reply-to ref="tag:www.readwriteweb.com,2008://1.7103" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php"/>
    <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php#c64857" />
    <title>Comment from Dash Chang on 2008-08-26</title>
    <author>
        <name>Dash Chang</name>
        <uri>http://tEarn.com</uri>
    </author>
    <content type="html" xml:lang="en" xml:base="http://tEarn.com">
        <![CDATA[<p>Thanks for covering this topic. Other blogs seem to ignore the topic.</p>

<p>The OAUTH examples do create confusion. The goal is to reduce friction among websites. Better examples would be commerce with Paypal, Feedburner to blog, or Facebook to Yahoo mail. </p>

<p>- oauth creates trust among known sites agreeing to common security policies. This engenders trust among users.</p>

<p>- oauth reduces the multi-key login to a click. Simple is good.</p>

<p>Now, if we can solve the tricky problem of network reliability suffered by 1% to 2% of the users, we're golden.</p>

<p>-Dash Chang<br />
<a href="http://tEarn.com/" rel="nofollow">http://tEarn.com/</a> target, earn</p>

]]>
    </content>
    <published>2008-08-27T04:15:18Z</published>
  </entry>

  <entry>
    <id>tag:www.readwriteweb.com,2008://1.7103-comment:64860</id>
    <thr:in-reply-to ref="tag:www.readwriteweb.com,2008://1.7103" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php"/>
    <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php#c64860" />
    <title>Comment from factoryjoe.com on 2008-08-26</title>
    <author>
        <name>factoryjoe.com</name>
        <uri>http://factoryjoe.com</uri>
    </author>
    <content type="html" xml:lang="en" xml:base="http://factoryjoe.com">
        <![CDATA[<p>Thanks Marshall...! ;) Also, looks like you might not have closed the anchor link on my name... :#)</p>]]>
    </content>
    <published>2008-08-27T05:50:28Z</published>
  </entry>

  <entry>
    <id>tag:www.readwriteweb.com,2008://1.7103-comment:64902</id>
    <thr:in-reply-to ref="tag:www.readwriteweb.com,2008://1.7103" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php"/>
    <link rel="alternate" type="text/html" href="http://www.readwriteweb.com/archives/oauth_nonassert.php#c64902" />
    <title>Comment from J. Trent Adams on 2008-08-27</title>
    <author>
        <name>J. Trent Adams</name>
        <uri>http://www.mediaslate.org/jtrentadams/</uri>
    </author>
    <content type="html" xml:lang="en" xml:base="http://www.mediaslate.org/jtrentadams/">
        <![CDATA[<p>It's fantastic to see you widely publicizing the movement in the decentralized authentication / authorization arena.  Specifically, it's key to get the message out that there is a loosely connected community of people actively working on these issues... so the common user doesn't have to worry about them.</p>

<p>While not everyone agrees with each and every implementation effort, the spirit of the dance is such that we're collectively moving in a positive direction.  Whether it be OpenID, oAuth, Higgins, or SomeThingNew, it's incredibly important to have a clear IPR path to pave the way for mass adoption of usable SSO specifications so they can become widely adopted standards.</p>

<p>As Eran mentions in his post, many(+) long(++) hours go into making this happen.  During the process it often seems like nothing "concrete" is coming from all the talk, but in the end it's possible to look back and see how valuable that talking has been.</p>

<p>Congrats to all, and I'm personally (and professionally) looking forward to the building momentum.</p>]]>
    </content>
    <published>2008-08-27T16:51:18Z</published>
  </entry>

</feed>