Dave Johnson on open web technologies, social software and Java
I'm going to be following up my OAuth everywhere! post, with several more OAuth related posts this week. So, just in case you are wondering "why is Dave going off on this cockamamie OAuth tangent?", I'll take some time now to explain a little about OAuth to help you understand.
OAuth is a emerging protocol that one web site can use to access your data on another website without asking you to reveal your username and password. For example, when the sinister BuddyNet9000(TM) Social Network site wants to access your GMail account so it can spam your "friends" on your behalf, you can use OAuth to give it access without telling it your username and password. Why risk your GMail security when all you want to do is spam some people? There are less snarky examples, but that one makes the point well, I think.
There's a good end-user oriented introduction on OAuth.net titled Beginner's Guide to OAuth: Protocol Workflow. OAuth is not that widely deployed yet, and is not perfect, but it is emerging and going the IETF standards route.
I'm interested in OAuth because it's part of the OpenSocial spec, used to authorize access to the OpenSocial REST API and to enable OpenSocial Gadgets to call out to OAuth protected resources. Also, because it's used to protect AtomPub-based services, including the Google Data APIs. I needed to learn about it for my Roller and SocialSite work and if you're going to be doing much OpenSocial work, you'll need to learn about it too.