Last night I mentioned that we'd have a few more announcements on the Yahoo! Developer Network today.
I just posted the latest: Browser Based Authentication or BBAuth as we like to call it.
Our Browser Based Authentication (BBAuth) is a generic mechanism that will allow users to grant 3rd party web-based applications access their Yahoo! data. There's already a similar mechanism in place on Flickr and used by services like MOO. BBAuth is the protocol that's going to open the door to doing the same thing for many Yahoo! branded services in the coming months. Stay tuned for those announcements. :-)
Beyond that, BBAuth also makes it possible to use Yahoo! as a single sign-on for your site, thus removing a barrier to entry for a whole lot of people (over 200 million to be exact). This is still fairly experimental, so we'd love to get your feedback and input on how to make it even more useful.
The first two Yahoo! services supporting BBAuth are Yahoo! Photos (API) and Yahoo! Mail (API only available to Hack Day attendees at the moment).
This was a long time in the making, so it's quite a relief to get it out the door. Special thanks to the folks in Photos and Mail for getting support enabled in time for Hack Day.
And special thanks to Dan Theurer, who did a ton of the work on the YDN side. See Launching the Un-Launch-Able post for his take.
Posted by jzawodn at September 29, 2006 10:02 AM
What can I as an application developer do using the authentication API?
This doesn't seem to be answered on the site you linked to, at least not clearly.
Can I store arbitrary key=>value pairs? More than that? What Yahoo data can I ask the user to grant me?
I could not find any of these nitty gritty details, which basically constitute why I would want to use the service. The FAQ outlined the limits of the service before it really told me what the service was (that's like the first FAQ question, but the answer is vague marketing stuff).
This seems exciting. Dave Winer seems to think so. Just confused on what exactly this enables.
Return of the Yahoo
I have been wanting to talk about Yahoo and their aggressive pursuit of Google in the Internet space for awhile. The biggest manifestation of this has been their courting of developers to leverage their ecosystem. But this is big - this IMHO puts them abreast if not ahead of Google right now.
Tee Hee Hee - now just imagine if one product supported BB Auh, imported Facebook and gatewayed to OpenID.
Hmmmmmm - I know we can call it a PeopleAggregator.
:-)
Love yah babe! Sorry I couldn't make it there - but my soula nd spirit are with you.
I liked it better in 2001 when it was called Hailstorm!
Hey Jeremy
While I think this is great for Web 2.0 developers to get access to Yahoo services, it would have been *so* much better if it would have been a user-centric model. Hopefully this is a first step in Y! adopting a user-centric model in the future. I wrote a little about it at:
I'm keen to ensure that no part of the information I trust Yahoo with is leaked to other sites, including the existence or otherwise of a Yahoo account. As a user, how can I ensure that the requests are always automatically rejected without giving the calling site a clue about whether I do or do not have a Yahoo ID?
Congratulations on the launch, though! It's an area where the technical me and end user me have different views.
James,
The third party never sees any data about you--only that which you tell them yourself.
So if I'm understanding this right, this is Yahoo's answer to the thing Microsoft has had for the last 4 or so years (PassPort)?
Not really, no.
This is simply an easier on-ramp for users getting onto new services. It benefits new sites, existing Yahoo users, and it's free for both parties.
Does "the thing Microsoft has had" feel like they opened up a larger userbase to third party sites with few strings attached? If so, I'd like to know what that thing is.
Comparing to Google's Account Authentication API (GAAAAAAA....)
http://code.google.com/apis/accounts/Authentication.html
I suppose YaHoo's advantage is the much larger pool of Yahoo users?
Technically, it's the same, no?
-Ram
Like Ryan I am a little confused about the wider benefits of BBauth. My initial take is that it encourages people to register with Yahoo so they can access a third party sites which require registration and use BBauth. However, presumably the operators of third party sites can't access any information about their users who come in via Yahoo.
From a user perspective this may be attractive, but it doesn't seem very attractive to the third party site operator.
I am not sure how this is different from typekey from SixApart? What kind of data is going to be accessible to third party apps?
Why not OpenID? I would suggest some clarification about this matter as it will ultimately affect the uptake of this effort.
My $0.02 :-)
In the Y! developer network table of contents, the item labeled "Design Pattern Library" has a tool tip that reads "Sweet, tasty pattens!". I would guess that's a typo?
As a third party site we find it very attractive and are working on integration now. With the user hash it's a starting point for a relationship with the member, that can provide a key into the side door for you to start customizing the experience for the visitor.
It's step number one from a visitor who you'll probably never see again to someone who had a good, fast authentication experience that worked with something they already have.
Growing from a small to big site you face a lot of hurdles - people show up, like what you have to say but grimace about another username and password. Then they see that their handy dandy yahoo! login gets them quick access to comment or start getting involved. After that initial step you can then work on expanding the proposition to the user and convert them to deeper membership levels.
It's like meeting a girl at a bar - you didn't get her phone number but she got yours. It's at least the start of what could become a relationship, not a fleeting read and leave.
It would have been excellent if out of the gate you had implimented OpenID API. I look forward to being able to really get excited about BBAuth.
