Need someone to lead product or development at your software company? I lead product and engineering teams and I'm looking for my next opportunity. Check out my resume and get in touch.

OAuth

Freshness Warning
This blog post is over 13 years old. It's possible that the information you read below isn't current and the links no longer work.

OAuth is a great idea. As Six Apart says in their announcement of support...

Right now, if you want Flickr to post to your TypePad blog, or you want to connect a client to update both your Twitter account and your LiveJournal, you have to give them the password to your account, giving a third-party free reign on your site. Even worse, on some other services, the password for an account used for blogging or other applications is the same login that controls extremely sensitive information like your email account or credit card systems.

OAuth aims to standardize the way in which different consumer systems share data. The goal is to allow a person to give an application access to do some things on your accounts at other sites, but not everything. It’s role-based authorization for APIs.

Right now you give Facebook your Yahoo username and password so they can check so you can connect with Yahoo Mail contacts that are also on Facebook. That’s fine and dandy as long as Facebook doesn’t decide to do anything malicious with your account (like send an email to everyone, pretending to be you). Or as long as their systems aren’t compromised.

What OAuth wants to do is allow you to give Facebook permission to see your Hotmail contacts, but not to send them email, to change your contacts, or to read your mail.

At IMified, we’re looking into the specification and we’ll be implementing support in our apps. When you give us access to post to your Google Calendar, you shouldn’t have to trust us that we won’t also be reading your email. I mean, you can trust us, but you shouldn’t have to.

Mark Atwood
October 8, 2007 12:34 PM

I'm one of the specifiation authors for OAuth Core 1.0, and am very gratified to see all the positive buzz and takeup that it's generating.

This discussion has been closed.

Recently Written

How to advance your Product Market Fit KPI (Oct 21)
Finding the gaps in your product that will unlock the next round of growth.
Developer Relations as Developer Success (Oct 19)
Outreach, marketing, and developer evangelism are a part of Developer Relations. But the companies that are most successful with developers spend most of their time on something else.
Developer Experience Principle 6: Easy to Maintain (Oct 17)
Keeping your product Easy to Maintain will improve the lives of your team and your customers. It will help keep your docs up to date. Your SDKs and APIs will be released in sync. Your tooling and overall experience will shine.
Developer Experience Principle 5: Easy to Trust (Oct 9)
A developer building part of their business on your product needs to believe that you're going to do the right thing for them and their customers.
Developer Experience Principle 4: Easy to Get Help (Oct 8)
The faster you can unblock a stuck developer, the better their experience will be.
Developer Experience Principle 3: Easy to Build (Oct 5)
A product makes it Easy to Build by focusing on productivity for developers building real-world applications.
How to understand your product and your market (Sep 30)
A customer development question you can ask to find out who your product is best for and why they'll love it.
Developer Experience Principle 2: Easy to Use (Sep 28)
Making it Easy to Use means letting the developer do everything without involving you.

Older...

What I'm Reading

Contact

Adam Kalsey

+1 916 600 2497

Resume

Public Key

© 1999-2020 Adam Kalsey.