ReadWriteWeb

If I were truly mischief and wanted to game the system, I would have named this article, "Facebook Wants to Be Your One True Login, Part 2." If you're not familiar with the incident to which I'm referring: One of the most illustrative cases of the incomplete state of the Internet as an information system was in February 2010, when ReadWriteWeb itself happened to publish an article with "Facebook" and "login" in its headline. It soon found itself at or near the top of Google search results for the phrase "facebook login," with the result being that hundreds of Web users to this day happen upon this page when they're trying to reach Facebook itself.

The Web was not designed to require identity or authentication for data to be accessed. Up to now, most consumers have not considered this a problem - at least, not the ones who found themselves staring at ReadWriteWeb when they were expecting Farmville. This will change.

Google's continuing its push for OAuth 2.0 in its Google Web APIs by providing a "playground" for developers to test OAuth interactions.

Basically, Google's playground is a way for developers to walk through OAuth interactions from start to finish.

Last week in Santa Clara, the World Wide Web Consortium (W3C), hosted its annual Technical Plenary (TPAC), at which 500 representatives from W3C's community met for a week. The social Web was high on the agenda.

Currently, the most familiar social Web standard is OAuth2 from the IETF, widely used for open authorization (which allows us to give second-party Social Web services access to information without asking for a Gmail password) on sites such as Facebook and Twitter. However, it now appears there may be a number of other standards in the wings, ranging from work in browser-based identity to rolling your own Google+'s Circles in a federated Social Web to emerging work around the hot topic of social business.

What has dramatically accelerated the power of cloud-based apps and service platforms over the past two years is their embrace of Web services protocols. Using RESTful function calls with which developers are already familiar, they can request functionality from live, cloud-based servers that can deliver results in a form they can immediately put to use - HTML elements, or JSON or XML data.

We covered Apigee some months back, and it remains one of our favorite modeling tools. Think of a live Rolodex for cloud API functions. You can page through categories with your thumb until you find a template you need, then supply some parameters and try a call out until it works the way you want. Then you cut and paste the call into your app.

Twitter has just announced a change to the way in which it handles permissions for third-party applications. The update will give users a better understanding of how this process works and what information third-party apps can access.

When users authorize to a third-party app for the first time, they'll see a new permissions screen detailing what that integration with Twitter means. This can include activities like reading tweets, seeing who the user follows, tweeting on a user's behalf, or accessing Direct Messages.

Twitter has taken to redesigning the OAuth screen - the screen you see whenever you decide to login to an application using your Twitter account - in an attempt to better show what you are agreeing to when you hit the "Allow," err, "Authorize app" button.

Twitter developer advocate Matt Harris announced on the developer Google group this afternoon that they were working on refreshing the screen to offer "better clarity about what an application can see and do with an account." Though it might be better than before, it's still missing one key thing - the fact that the app can access your DMs.

Today Google announced support for the OAuth 2.0 protocol, although the standard isn't yet complete. Version 2.0 is designed for developer simplicity. Developers frequently complain about the difficulty of using OAuth to integrate applications with Google Apps.

Google also introduced a new OAuth consent page that it hopes will be simpler to understand.

Vincent Van Gemert and the Floorplanner team ran into a few stumbling blocks while preparing their product for the Google Apps Market. "We found out that a lot of people were struggling with the existing Rails libraries and the OAuth authorization method," Van Gemert wrote. That's why Van Gemert created a guide for integrating Ruby on Rails applications with Google Apps and the Apps Marketplace, which Google has published on its Apps Developer Blog.

The clouds are aligning so to speak. Apps are everywhere. The variety of mobile devices connecting to the networks is unprecedented. In the process, identity management is becoming a major issue.

According to a Gartner survey earlier this year, enterprise managers see identity management as a top business priority. That would lead to the conclusion that enterprise operations are considering a variety of identity management options.

Emerging is a growing interest in social identity as a means for employees to sign into external applications.

Earlier this week, a Google engineer was caught spying on users, and a few old emails from Facebook's CEO Mark Zuckerberg revealed that he had easy access to user profiles in the early days of the service. As we move more and more of our personal information into the cloud and onto social networks, we really have to trust these companies' developers that they won't misuse our data. At the same time, though, we also have to be able to assume that companies like Twitter and Facebook will ensure that developers of third-party apps can't easily snoop on us either. According to OneForty's Mike Champion, Twitter's API currently makes it too easy for unscrupulous third-party developers to access private direct messages (DMs), for example.