Google is embracing a new security standard for its
Gadgets
online widget platform by adding support for the
OAuth system.
The open standard is designed to allow sites to share user information
securely for mash-up apps while still allowing users to authorise what data is
disclosed.
Google said that it had previously used a proprietary standard for Gadget
security, but hopes that the move to OAuth will allow for Gadgets and the
iGoogle service to securely expand to other web-based application platforms.
The search giant believes that OAuth will allow different Gadget developers
and sites to share data between its own platform and mash-ups based on other
platforms such as MySpace.
Eric Sachs, senior product manager for Google's security branch, explained in
a
blog
posting that the system would give users precise control over which sites
will be able to share and access information.
Before allowing data to be swapped, the user must allow the site to access
information from other services, and only the specified data will be shared.
"One privacy control provided by OAuth is that it defines a standard way for
users to authorise one website to make their data accessible to another website,
" wrote Sachs.
"In addition, OAuth provides a way to do this without the first site needing
to reveal the identity of the user; it simply provides a different opaque
security token to each additional website the user wants to share his or her
data with."
To kick off the new feature, Google is launching OAuth-equipped Gadgets for
AOL Mail, MySpace and Google Book Search. The company has also set up a
documentation
library for Gadget developers.
Do you agree?
Have your say on this article