OAuth - Breaking down barriers

OauthThe “final draft” version 1.0 of OAuth was released yesterday. OAuth is an Open Authentication spec that is attempting to become the standard for cross-platform information exchange.
- The Problem -

Let’s say you have accounts on a wide number of websites: Facebook, Netflix, Flickr, Amazon, Twitter, etc. Combined you have a network of sites that perform unique functions as well as store your personal information. Currently, however, information about you that is available to one site is inaccessible to the next. For instance, Netflix has no idea what you’ve purchased on Amazon and vice-versa, information that would allow both sites to offer better, more personalized recommendations that would help you find more movies you want to watch while increasing sales at the same time.

Cross-functionality isn’t an option either; there’s currently not a way to automate a Twitter post letting your friends know that you have just posted a new photo album titled “____” on your Flickr account. In order for this to work, each account would need your personal login and password credentials of the other, giving both sites full access to sensitive information as well as the ability to modify it. While the sharing of unique personal data and the utilization of cross-functionality would be useful, the difficulty of safely transferring info from one site to another has not been surmounted, leaving each account existing in a vacuum.

- The Solution -

OAuth is a protocol that enables the secure transfer of login credentials across platforms, making the examples above easy tasks. With OAuth, people can enjoy cross-functionality among different accounts without ever exposing their passwords. In addition, people are able to select the level of access granted to other sites for each of their accounts. For example, a person could give Match.com access to their Facebook interests, but not to their wall posts or friends lists.

Programmers developed OAuth by combining what they saw as the best features from other protocols (such as Google AuthSub, AOL OpenAuth, Yahoo BBAuth etc.), and they hope to solidify it as the open authorization standard. One feature that really sets OAuth apart from the rest is that its built with support for not only websites, but desktop apps and mobile devices as well.


Post a Comment

30 queries. 0.456 seconds.