This is a link to a video of a tech talk given a few months ago.
The topic is OAuth which stands for Open Authorization. This is a protocol for one web site to use the Web Services of another web site. For example, if our client ThingsAsian.com wanted to make use of Flickr to get photos, TA would use the OAuth protocol. The user (using OAuth without knowing it) could have a private Flickr account and use it for TA photos by logging into TA, give TA access to their account, and copy the photos they want into TA using the Flickr API. That is one example of use that came to mind.
The talk was pretty good through the first half (total time 40 min.), which is the part I watched. The talk is not actually all that technical through that point and describes the users perspective of the process.
This is good time spent to know about open protocols for this sort of thing. I think we will be getting more and more into this sort of thing. Seems to be where the world is going.
Tags: external services, protocol, web2.0
Thanks for the post. I agree that this is the direction that the world is going–this was the promise of Web services and my read is that it is beginning to be actualized and is one factor in the cost of development going down.
A similar idea at a higher (user) level is OpenID, which is a single-sign-on framework that is intended to be used across multiple sites.
This is basically how it works.
1. You designate a particular site as your OpenID provider. In my case, I chose WordPress. My OpenID is just a URL: “http://<username>.wordpress.com/”
2. At any other site which supports OpenID, you can provide this URL rather than a username and password. This solves the problem of having hundreds of usernames and passwords.
3. When you provide your OpenID to try to login to a new site, you are redirected to your OpenID provider (i.e., WordPress.com) which asks you to approve or deny the request. If you approve, the site gets added to the list of sites recognized by your OpenID provider. You can remove a site at any time.
4. In the future, when you try to login to a site, if you are already logged into your OpenID provider, you are automatically signed on. If you are not already logged in, you are directed to the OpenID provider to login.
OpenID has recently gotten a lot of adoption, with Yahoo! deciding this month to add its 250 million strong user base to the initiative (available 1/30 in public beta). Google is reportedly considering it, too. I think this will become the de facto standard, and should be considered as a login possibility for any public sites under development.
On the topic of OpenID Jeff and I found the Verisign has a free OpenId Provider.
It seemed to work more seamlessly at least on the sites we tried. It also has a cool Firefox plug-in, so you can see if you are logged in or not and if not click the button to go to the login.
For the forgetful among us it is nice to have the little button in view.
https://pip.verisignlabs.com/learnmore.do