Yahoo has released a new product called BBAuth just in time for its open HackDay today and tomorrow. It’s a mechanism for non-Yahoo applications to access Yahoo’s authentication mechanism and user data in a secure manner.
Most mashups today do not access personal data because of the security issues (not to mention the fact that companies usually think of user data as proprietary). The classic mashup example is mixing Google or Yahoo maps with other data. But there are far fewer examples of mashups involving user data protected from the rest of the Internet via a sign-in procedure.
BBAuth fixes that problem when it comes to accessing data locked up at Yahoo. Using the tools Yahoo provides, non-Yahoo applications can request a user to sign in to Yahoo and give permission for Yahoo user data to be sent to the non-Yahoo application. Yahoo’er Dan Theurer explains how it works in more detail, and points to two test applications he created. The first shows how it can be used to allow sign in via Yahoo credentials, and the second shows how you can access Yahoo photos data outside of Yahoo.
There are two pieces to BBAuth. The first is a single sign on tool to authenticate the user. The second piece is a set of APIs to get into specific Yahoo services and interact with user data. For example, the Yahoo Photos API allows other applications to, among other things, upload photos, tag photos, and modify titles and descriptions. Yahoo is also opening up Yahoo Mail through BBAuth.
Dave Winer says this is a “huge deal” and I agree. See what Yahoo’s Jeremy Zawodny says about BBAuth as well.
It’s worth noting that Amazon is doing the same thing (but in a limited way) with it’s S3 storage product, and eBay is supposedly testing third party authentication for purposes of verifying (but not changing) user feedback ratings.
See all
Post
that will be quite cool, web 2.0 applications are definately here to stay
Oh..cool…Is this concept of BBAuth more like Microsoft Passport?…Its pretty exciting to see what kind of mashup applications would be developed with this…
Very cool. If you’re a Web 2.0 startup and want to get bought out by Yahoo, this is a great way to show up on their radar and cozy up. I say this half-seriously.
i think a better use of this is using it to accept yahoo accounts on a non yahoo service
much like a credit card
This sounds very similar to what google annouced a while ago. It usefull if you want to get to data in there silos, although check the small priknt there are some silly restrictions and timeouts etc..
I wonder if Microsoft will surpass both of these by actually using a federate ID approach rather than the old proprietary my silo angle. Heres hoping, anyone out there on the inside of Microsofts plans for Live?
regards
Al
Matt, eBay has actually had a third-party developer authentication scheme in production for some time now. More details: http://mcmanus.typepad.com/gri.....ches_.html
What functionality will this have over something like passport?
If this is just a sign in feature like passport I think yahoo is late. but I think yahoo will let other web 2.0 apps get involve and use yahoo data fron photos, flickr, travel etc.
Dick (A guy that really understands id/auth) sums it up nicely http://identity20.com/?p=79
BBAuth is fundamentally different from MS Passport in that it can be used with other sign-on solutions, it is not bound to a credit card or personal information, and it does not lock-in developers or users.
Besides that…it’s free
Microsoft, Google, Yahoo, eBay… Single-sign on… YAWN
Why not openID?? http://openid.net/ There are emerging standards that could be made to work with some TLC and a marketing push. As the link Al points to, this is just building identity “silos”.
Annoying. Underwhelming.
Microsoft seems to be taking a completly opposite direction from Yahoo! and Google - client based identity management through CardSpaces. I think I like MS’s direction much more.
I agree with OpenID http://openid.net/ , I think it’s a great system to use.
This system does sound a lot like OpenID. I am still tempted to write a simlar system though. Not because I want everyone to use it, but because it would be cool to do.
The question I have about all these new “open user account” systems that are popping up is this:
I am still going to have to have multiple accounts for multiple sites because a site by MS is not going to use Yahoo’s user info. I also wonder how well my data is going to be guarded.
Cody Mays
http://www.threadbound.com
This is probably the 3th system like like…SixApart, Microsoft Passport and now Yahoo!…The issue with such systems really is that users don’t really want parties that don’t add any value to the transaction to participate/intermediate.
I guess its users inherent distrust of brokers and the deep rooted expectation that brokers are gonna want to get a cut…In web transaction in terms of privacy.
I think (haven’t used it) Google also is offering a similar service: Google Account Authentication
It may be Hailstorm/passport reborn but there are millions of exitsingYahoo! users whose home page is set to, say, My Yahoo! and I would not mind a way to provide easier access to them without requiring the users to create yet another account on my site , still have some idea of who they are, and not have to worry about when they lose their passwords.
Not good for business sites that require single-sign crossing multiple domain boundaries.
What the world would really need would be apis way easier to use to really spread the word.
~frank
very smart move by yahoo! we’ve been spending more time on their developer programs and they’ve built out a very robust offering and support system. bbauth is what passport could have been. firefly was a very smart team at mit and had their heads bolted on right for solving single sign-on/auth/privacy, but it dissapeared into microsoft’s confused corridor of web strategy. yahoo! has the membership and an open approach combined with buying the right companies.
I’ll echo what Ernest Nova wrote - instead of “Sign in or register for an account” why not tie into these additional auth services for the majority of users who are already using them: “Sign in, or sign in with Yahoo|Google, or register for an account”.
This is exactly what I was looking for, thanks for the great information.
It is a great resource: I just wish it was a little easier to work with for notices (such as self)