OAuth

Freshness Warning
This article is over 10 years old. It's possible that the information you read below isn't current.

OAuth is a great idea. As Six Apart says in their announcement of support...

Right now, if you want Flickr to post to your TypePad blog, or you want to connect a client to update both your Twitter account and your LiveJournal, you have to give them the password to your account, giving a third-party free reign on your site. Even worse, on some other services, the password for an account used for blogging or other applications is the same login that controls extremely sensitive information like your email account or credit card systems.

OAuth aims to standardize the way in which different consumer systems share data. The goal is to allow a person to give an application access to do some things on your accounts at other sites, but not everything. It’s role-based authorization for APIs.

Right now you give Facebook your Yahoo username and password so they can check so you can connect with Yahoo Mail contacts that are also on Facebook. That’s fine and dandy as long as Facebook doesn’t decide to do anything malicious with your account (like send an email to everyone, pretending to be you). Or as long as their systems aren’t compromised.

What OAuth wants to do is allow you to give Facebook permission to see your Hotmail contacts, but not to send them email, to change your contacts, or to read your mail.

At IMified, we’re looking into the specification and we’ll be implementing support in our apps. When you give us access to post to your Google Calendar, you shouldn’t have to trust us that we won’t also be reading your email. I mean, you can trust us, but you shouldn’t have to.

Mark Atwood
October 8, 2007 12:34 PM

I'm one of the specifiation authors for OAuth Core 1.0, and am very gratified to see all the positive buzz and takeup that it's generating.

Your comments:

Text only, no HTML. URLs will automatically be converted to links. Your email address is required, but it will not be displayed on the site.

Name:

Not your company or your SEO link. Comments without a real name will be deleted as spam.

Email: (not displayed)

If you don't feel comfortable giving me your real email address, don't expect me to feel comfortable publishing your comment.

Website (optional):

Follow me on Twitter

Best Of

  • How not to apply for a job Applying for a job isn't that hard, but it does take some minimal effort and common sense.
  • Simplified Form Errors One of the most frustrating experiences on the Web is filling out forms. When mistakes are made, the user is often left guessing what they need to correct. We've taken an approach that shows the user in no uncertain terms what needs to be fixed.
  • The best of 2006 I wrote a lot of drivel in 2006. Here's the things that are less crappy than the rest.
  • Rounded corners in CSS There lots of ways to create rounded corners with CSS, but they always require lots of complex HTML and CSS. This is simpler.
  • Debunking predictions Read/Write Web's authors have some goofy predictions.
  • More of the best »

Recently Read

Get More

Subscribe | Archives

10

Recently

Physical camera shutter for Cisco Spark Board (Jul 6)
A 3d printable design for a camera shutter for a Cisco Spark Board
My Travel Coffee Setup (Jan 20)
What my travel coffee brewing setup looks like, and how you can build your own for under $100.
Turkey Legs (May 30)
Product naming gone awry.
Speaking for Geeks: Your Slides (Dec 17)
Tips and tricks for creating great slides.
Speaking for Geeks: Writing Your Talk (Dec 14)
Don’t wait until the night before the talk to write it. Crazy, I know.
Speaking for Geeks: Tell a Story (Dec 13)
Telling a story keeps your presentation focused, keeps your audience interested, and makes it easier for you to remember your talk.
Speaking for Geeks: Where to speak (Dec 11)
You've got a great idea for a talk. How do you find conferences to submit it to?
Speaking for Geeks: Getting your session accepted (Dec 10)
Your conference speaking submissions are not getting accepted because they're bad. Here's how to make them better.

Subscribe to this site's feed.

Elsewhere

Tropo
Voice and communications platforms, including Tropo and Phono. Work.
SacStarts
The Sacramento technology startup community.
Pinewood Freak
Pinewood Derby tips and tricks

Contact

Adam Kalsey

Mobile: 916.600.2497

Email: adam AT kalsey.com

AIM or Skype: akalsey

Resume

PGP Key

©1999-2017 Adam Kalsey.
Content management by Movable Type.