Google has adopted the OAuth web-authentication standard, an open standard for controlling privacy, for its gadget platform.

If a user has personal information stored on one website, OAuth provides a mechanism for him or her to authorise that website to share the data with another website or gadget. It also makes it possible to do this without the first site having to reveal the user's identity to the second site.

Google announced in June that it was to adopt OAuth for sharing data through its Google Data application programming interface (API). The company said on Tuesday that it will now also use OAuth for Google Gadgets, which are interactive mini-applications for the desktop that show, for example, personalised news feeds or localised weather reports.

The first Google Gadgets to use OAuth are those created by MySpace, AOL Mail and Google Books for the iGoogle personalised webpage.

"We also previously announced that third-party developers can build their own iGoogle gadgets that access the OAuth-enabled APIs for Google applications such as Calendar, Picasa, and Docs," Eric Sachs, Google's senior product manager for security, wrote in a blog post on Tuesday. "In fact, since both the gadget platform and OAuth technology are open standards, we are working to help other companies who run services similar to iGoogle to enhance them with support for these standards."

Sachs added that the new OAuth-enabled gadgets being created for iGoogle would also work on those other sites, including many of the gadgets that Google offers for its own applications. "This provides a platform for some interesting mashups," he wrote.

"It would allow a mutual fund, for example, to provide an iGoogle gadget to their customers that would run on iGoogle and show the user the value of his or her mutual fund, but without giving Google any unique information about the user, such as a social security number or account number," Sachs wrote. "In the future, maybe we will even see industries like banks use standards such as OAuth to allow their customers to authorise utility companies to perform direct debit from the user's bank account without that person having to actually share his or her bank account number with the utility vendor."

Related links

Leave a comment

You must read and type the 6 chars within 0..9 and A..F

* indicates mandatory fields.

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Staff Aussies to pay more for Win 7

    If you are looking to make some money in these troubled times, perhaps importing copies of Windows 7 could be for you. Read more »

    -- posted by Staff

  • Staff Firefox: Greens want it, 3.5rc2 not up to par

    This week's roundup looks at the situation surrounding a campaign to change Outlook HTML renderer, a Greens MP wants to install Firefox but is restricted and all the photos from the iPhone 3GS launch. Read more »

    -- posted by Staff

  • Chris Duckett Microsoft misses the Outlook point

    Ask designers which mail program is the bane of their existence, and you'll find that Outlook tops the list. The reason why the most popular email reader is also the most painful is simple: it uses Word to render HTML emails. Read more »

    -- posted by Chris Duckett

What's on?