You may or may not be excited by the acronyms OAuth and IMAP/SMTP, but the combination of them all together is very exciting news. Google Code Labs announced this afternoon that it has just enabled 3rd party developers to securely access the contents of your email without ever asking you for your password. If you’re logged in to Gmail, you can give those apps permission with as little as one click.
What does that mean? It means mashups based on the actual emails in your inbox. If you’ve given a 3rd party app secure access to your Twitter account, then you’ll be familiar with the user experience. The first example out of the gate is a company called Syphir, which lets you apply all kinds of complex rules to your incoming mail and then lets you get iPhone push notification for your smartly filtered mail. Backup service Backupify will announce tomorrow morning that it is leveraging the new technology to back up your Gmail account, as well.
People are often wary about the idea of giving outside services access to their email, and well they should. OAuth is designed to make that safe to do. Combined with the IMAP/SMTP email retrieval protocols, it gives an app a way to ask Gmail for access to your information. Gmail pops up a little window and says “this other app wants us to give it your info – if you can prove to us that you are who they say you are (just give Gmail your password) – then we’ll go vouch for you and give them the info.” The 3rd party app never sees your password and can have its access revoked at any time. You can read more about OAuth, how it was developed and how it works, on the OAuth website.
Why is this so exciting? Because it means that the application we all spend so much time in, where so much of our communication goes on and where you can find some of our closest work and personal contacts – can now have value-added services built on top of it by a whole world of independent developers, without your having to give them your email password.
That’s the kind of thing that the data portability paradigm is all about. It’s the opposite of lock-in and seeks to allow users to take their data securely from site to site, using it as the foundation for fabulous new services. Google says it is working with Yahoo!, Mozilla and others to develop an industry-wide standard way to combine OAuth and IMAP/SMTP.