OAuth

Phil Wilson, University of Bath, 2008

what the?

"OAuth provides a way to grant access to your data on some website to a third website, without needing to provide this third website with your authentication information for the original website."  - source  

what the?

Allows a website access to your password-protected information without needing to give your password to the website

password anti-pattern

in exchange...

every single twitter application (desktop and web tools, twitpic, mobile) asks for your twitter username and password

at which point they own your status updates

you know all those sites which say "put this number on your page to show that you own it" ?

source (screenshot by Tantek Çelik)Tantek Çelik)

"please type your University username and password"

enter OAuth

most of these are unnecessary

Google ContactsAPI

 

OAuth and OpenID

OAuth logs a website in to the place where you store your information - it's not about you logging in

Is this useful to us?

• probably! • any data that we might want to provide to third-party sites

 • export your blog? wiki space? other personal data?

 • do we ever want to import data?

any more time?

Adoption?

• widespread • part of a bigger stack providing open-source-like sharing of

information between sites and applications  • Yahoo!, http://developer.yahoo.com/oauth/

 • Google,

http://code.google.com/apis/accounts/docs/OAuth.html •  lots and lots of others, no MS yet!

What about Facebook Connect?

"Facebook Connect ... allows any website to connect to facebook to get

user's information, and friend list."

Facebook Connect

Facebook Connect roughly equivalent to OpenID + OpenID Attribute Exchange + Portable Contacts + OpenSocial http://tinyurl.com/6eoys4 for more

 

Thanks!

questions