Home It’s Official: Mashup Privacy Protocol OAuth Is Fair Game

It’s Official: Mashup Privacy Protocol OAuth Is Fair Game

OAuth, the open authorization protocol standard that will let users give limited access to their data to third party websites without giving away their passwords, crossed an important threshold tonight.

All parties involved in building the spec have signed a covenant of non-assertion, meaning that OAuth can now be safely implemented anywhere without concern about Intellectual Property lawsuits. If you think this is too geeky for you – try out the live demo embedded below.

We celebrated Google’s addition of OAuth to all the Google Data APIs in July, but for all you cautious types out there – there’s not much excuse anymore. No more passwords are required and a greenfield for mashups is now wide open.

The parties that contributed to building OAuth and have singed the promise not to sue are: Yahoo, Google, AOL, Twitter, Ma.gnolia, Citizen Agency, Wesabe, Pownce and Six Apart. Also signing as individuals were Eran Hammer-Lahav, Mark Atwood and Blaine Cook.

What is OAuth?

OAuth is a standard protocol for one web site to access user information on another website without asking the user for their password, but accepting confirmation from the 2nd site that the person is in fact who they claim to be. As Eran Hammer-Lahav, Open Web Evangelist at Yahoo! and OAuth point-man, told us tonight: “It is a way to build distributed services across multiple vendors while still keeping your data as private and safe as you would like it to be. You can limit it, for example – for time (like only one day), only read access, photos only and not videos, etc.”

Why is this important? This is a key technical step towards making data portability real. It creates a path for users to move data they’ve created on one service into another service that can then offer new features or personalization based on what the users have exposed to them about themselves from elsewhere. It’s a big ingredient in a recipe for innovation, in the form of mashups or otherwise.

How is it different than OpenID? It’s a related, but different way to move data around. OpenID got a non-assertion covenant signed almost a year ago and provided, along with the Apache Foundation, the basis for the OAuth covenant. There’s a whole lot that can be done with both of these protocols and we look forward to seeing them develop together.

What does OAuth look like in the wild? Below are two examples. The first is a screenshot of Yahoo’s location based service Fire Eagle asking a user if they want to grant permission for another app to access their data on Fire Eagle.

Screenshot from Chris Messina.

The second example is a mock live demo of OAuth in an iframe, created by Eran Hammer-Lahav. A detailed explanation of this demo can found here.

Pretty awesome, no? So let’s get the safe, granular data porting rolling! We eagerly anticipate a growing ecosystem of apps that do things with user data that were never possible before. As Eran Hammer-Lahav, who’s been working on this full time at Yahoo! almost all year, says – the web owes him a beer.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.