September 29, 2006

Yahoo’s BBAuth Will Allow Better Mashups

Michael Arrington


Yahoo has released a new product called BBAuth just in time for its open HackDay today and tomorrow. It’s a mechanism for non-Yahoo applications to access Yahoo’s authentication mechanism and user data in a secure manner.

Most mashups today do not access personal data because of the security issues (not to mention the fact that companies usually think of user data as proprietary). The classic mashup example is mixing Google or Yahoo maps with other data. But there are far fewer examples of mashups involving user data protected from the rest of the Internet via a sign-in procedure.

BBAuth fixes that problem when it comes to accessing data locked up at Yahoo. Using the tools Yahoo provides, non-Yahoo applications can request a user to sign in to Yahoo and give permission for Yahoo user data to be sent to the non-Yahoo application. Yahoo’er Dan Theurer explains how it works in more detail, and points to two test applications he created. The first shows how it can be used to allow sign in via Yahoo credentials, and the second shows how you can access Yahoo photos data outside of Yahoo.

There are two pieces to BBAuth. The first is a single sign on tool to authenticate the user. The second piece is a set of APIs to get into specific Yahoo services and interact with user data. For example, the Yahoo Photos API allows other applications to, among other things, upload photos, tag photos, and modify titles and descriptions. Yahoo is also opening up Yahoo Mail through BBAuth.

Dave Winer says this is a “huge deal” and I agree. See what Yahoo’s Jeremy Zawodny says about BBAuth as well.

It’s worth noting that Amazon is doing the same thing (but in a limited way) with its S3 storage product, and eBay is supposedly testing third party authentication for purposes of verifying (but not changing) user feedback ratings.


Comments


  1. ehigie aito

    that will be quite cool, web 2.0 applications are definitely here to stay

  2. Kiran

    Oh..cool…Is this concept of BBAuth more like Microsoft Passport?…It’s pretty exciting to see what kind of mashup applications would be developed with this…

  3. Drama 2.0

    Very cool. If you’re a Web 2.0 startup and want to get bought out by Yahoo, this is a great way to show up on their radar and cozy up. I say this half-seriously.

  4. atomic1fire

    I think a better use of this is using it to accept yahoo accounts on a non yahoo service
    much like a credit card

  5. Al

    This sounds very similar to what Google announced a while ago. It’s useful if you want to get to data in their silos, although check the small print, there are some silly restrictions and timeouts etc.

    I wonder if Microsoft will surpass both of these by actually using a federated ID approach rather than the old proprietary my silo angle. Here’s hoping, anyone out there on the inside of Microsoft’s plans for Live?

    regards
    Al

  6. Jeffrey McManus

    Matt, eBay has actually had a third-party developer authentication scheme in production for some time now. More details: http://mcmanus.typepad.com/gri.....ches_.html

  7. mikep

    What functionality will this have over something like passport?

  8. maulin

    If this is just a sign in feature like passport I think yahoo is late. But I think yahoo will let other web 2.0 apps get involved and use yahoo data from photos, flickr, travel etc.

  9. Al

    Dick (A guy that really understands id/auth) sums it up nicely http://identity20.com/?p=79

  10. Dan

    BBAuth is fundamentally different from MS Passport in that it can be used with other sign-on solutions, it is not bound to a credit card or personal information, and it does not lock-in developers or users.

    Besides that…it’s free

  11. Daniel

    Microsoft, Google, Yahoo, eBay… Single-sign on… YAWN

    Why not openID?? http://openid.net/ There are emerging standards that could be made to work with some TLC and a marketing push. As the link Al points to, this is just building identity “silos”.

    Annoying. Underwhelming.

  12. Jim

    Microsoft seems to be taking a completely opposite direction from Yahoo! and Google - client based identity management through CardSpaces. I think I like MS’s direction much more.

  13. Mike

    I agree with OpenID http://openid.net/ , I think it’s a great system to use.

  14. Cody Mays

    This system does sound a lot like OpenID. I am still tempted to write a similar system though. Not because I want everyone to use it, but because it would be cool to do.

    The question I have about all these new “open user account” systems that are popping up is this:
    I am still going to have to have multiple accounts for multiple sites because a site by MS is not going to use Yahoo’s user info. I also wonder how well my data is going to be guarded.

    Cody Mays
    http://www.threadbound.com

  15. Jitendra

    This is probably the 3rd system like…SixApart, Microsoft Passport and now Yahoo!…The issue with such systems really is that users don’t really want parties that don’t add any value to the transaction to participate/intermediate.

    I guess it’s users’ inherent distrust of brokers and the deep rooted expectation that brokers are gonna want to get a cut…In web transaction in terms of privacy.

  16. Saurier

    I think (haven’t used it) Google also is offering a similar service: Google Account Authentication

  17. Ernest Nova

    It may be Hailstorm/passport reborn but there are millions of existing Yahoo! users whose home page is set to, say, My Yahoo! and I would not mind a way to provide easier access to them without requiring the users to create yet another account on my site, still have some idea of who they are, and not have to worry about when they lose their passwords.

  18. Sean

    Not good for business sites that require single-sign crossing multiple domain boundaries.

  19. Frank

    What the world would really need would be apis way easier to use to really spread the word.
    ~frank

  20. marble2

    very smart move by yahoo! we’ve been spending more time on their developer programs and they’ve built out a very robust offering and support system. bbauth is what passport could have been. firefly was a very smart team at mit and had their heads bolted on right for solving single sign-on/auth/privacy, but it disappeared into microsoft’s confused corridor of web strategy. yahoo! has the membership and an open approach combined with buying the right companies.

  21. Patrick Fitzgerald

    I’ll echo what Ernest Nova wrote - instead of “Sign in or register for an account” why not tie into these additional auth services for the majority of users who are already using them: “Sign in, or sign in with Yahoo|Google, or register for an account”.

  22. sign

    This is exactly what I was looking for, thanks for the great information.