Mashups: Google's Adoption Makes oAuth a Must Have for All Apps
Open standard based user authentication protocol oAuth has now been implemented across all Google Data APIs, quickly offering this young standard for easy mashups more market validation than it's ever had before.
Eight months ago we wrote about the launch of oAuth 1.0, asking if the standard would lead to a flood of mashups across the web.
A standard method of authenticating users across different services means that mashup builders need only write one authentication process, then apply it to all data sources that support the standard. That's hot, and it's now spreading faster around the web than we thought. We discuss what this means for users below.
Google's Support
Last night the Google Data API blog announced that oAuth is now available for all Google Data APIs, everything from Gmail contacts to Google Calendar to Docs to YouTube. This means that 3rd party app developers now have one easy, standardized and secure way to authenticate that their users really own the Google accounts they say they do - without the apps asking users for their Google passwords. That data from Google can then be mashed up with any other application interested in leveraging it.
Google had included oAuth into the OpenSocial framework, but there was little indication that app developers were making use of it. Google's recently launched FriendConnect offered website developers disappointingly little access to their users' data - partitioning the Google functionality into an iframe inside participating pages.
Other Support
We've wondered recently whether oAuth was just a good idea that wasn't really gaining any traction. The list of sites with live oAuth support has been much smaller than we hoped. Now that's changing fast. PhotoBucket offers oAuth support and today SmugMug announced it as well.
We expect to see oAuth authenticating and relying parties spring up all around the web now that coveted Google user data is available through oAuth.
What This Means for Users
There is now no good reason for new applications to ask you for your Gmail username and password in order to access your list of contacts. Don't give it to them - there's a standard, approved way for them to access that data now that doesn't require giving them unlimited access to your entire account.
Apps that don't use the approved Google user authentication method in short order will be acting like a mail carrier who says they have to have a key to the inside of your house to pick up your mail because they aren't familiar with the mailbox on the front porch.
Furthermore, we as users can now expect a thrilling new wave of mashup options that can take secure advantage of our Google data. Google's adoption of oAuth is one of the most significant, tangible moves in support of authentic data portability that we've seen in a long time. App developers should be tripping over each other to make use of this data so that our use of their apps can be made richer, more powerfully useful and engaging. While they are developing to take advantage of Google's oAuth APIs, why not offer some oAuth back out to the world as well? Google's validation of the standard should start a snowball of standards enabled mashups.
We're very excited that Google has taken this step to un-silo our data and support the mutually beneficial ecosystem of mashup developers and users. We're very happy too for the community of oAuth supporters, who have done a great job building and spreading something so needed around the web. Today is a good day for the future of the web.
Share
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
This *is* pretty huge news. Gonna have a domino effect on integrating Google into our lives -- for those of us who use Google now. I wonder how many folks will have a Google account just to be able to use this capability... I started out with Gmail and now I can't Not have a Google account. I'd be professionally disfunctional.
Fantastic!
oAuth is a huge enabler for the "enterprise 2.0" community, where security and control are of much higher concern than for most of us recreational/social web nerds.
Not sharing personal passwords is a good thing. Selective sharing of data and capabilities is a good thing. oAuth means that two parties who do not trust each other can still collaborate to solve bigger problems. That's a very good thing.
Good for Google, PhotoBucket, and SmugMug. Hopefully Yahoo and Facebook climb on board soon.
This is a significant development - especially for services like us that build on en ecosystem of internet services.
MySpace also had a big announcement using OAuth yesterday. We had a pretty amazing turnout for the OAuth Summit yesterday with representatives from Yahoo!, Google, AOL, MySpace, Microsoft, Salesforce, Facebook, LinkedIn, and many others talking about OAuth!
Now we have to wait for sites that currently ask for your Google Account credentials to update to use oAuth...
Posted by: Voyagerfan5761
|
June 27, 2008 1:48 PM
A great achievement. This also helps push along the message of DataPortability. I'm glad to see google taking initiative.
I suppose Plaxe will have to follow suit shortly as they have a fair penetration in the contact importer service market.
Posted by: michaellambie.org
|
June 27, 2008 2:16 PM
Yes, YES YEEEEEEEESSSSS! Finally
Posted by: Stepan Mazurov
|
June 27, 2008 11:12 PM
On an unrelated note, why can't I go to the digg story from friendfeed? Whats up with that...
Posted by: Stepan Mazurov
|
June 27, 2008 11:13 PM
more importantly, their API is compatible with just about every web and local application development language: http://oauth.net/code/
Is very good to know that's a very good know this new API... I'll check and try it...