Yahoo Launches Third-Party Authentication for Developers
If you saw my presentation at O’Reilly Emerging Tech way back in March you might remember that I pre-announced a few products, including a Yahoo! Photos API and some others. At that time we also started discussing a new authentication product for developers that would enable users to access their Yahoo! data through through third party applications, starting with Photos and then hopefully extending to others in time.
We’d originally expected to see this product shortly after I made the announcement, but for one reason or another the release got delayed, and I left Yahoo before we were able to make it generally available. So I was happy to see this morning Dan announced that Browser-Based Auth for Yahoo! Web Services has been released. Good job, guys.
An authentication system for a web services platform is a decidedly un-sexy piece of plumbing, but it’s vital if you want to have a read-write platform that keeps the user in control of their authentication credentials. (One advantage of this scheme is that the user doesn’t have to share their password with a third party developer. Another advantage is that the user can shut off the third party application’s access to their data at any time.) This will enable all kinds of fun new applications, particularly if other Yahoo! properties adopt it for their read/write APIs.
Browser-Based Authentication was one of the most challenging product initiatives I drove when I ran the developer network team at Yahoo! — there were an unbelievable number of moving parts, people to coordinate and risks to consider, not a lot of fortune and glory for the many people who worked on it, and lots of questions as to whether it should even get done in the first place (even though eBay, Flickr and others have had similar authentication schemes for their third party developers for years). So it’s terrific that this is seeing the light of day.
The work I’ve done with platform authentication systems at eBay, Yahoo and elsewhere is factoring into my consulting work today. It’s also touching Approver.com; as I’ve discussed on the Approver product blog, we’re working on an Approver.com API which is coming along nicely. Because everything that Approver does requires authentication, we’re having to do our authentication scheme for third-party developers before we do anything else. We will hopefully be able to share more about this in the next few weeks.
