Google opens up for mashup security

Google opens up for mashup security, By Shaun Nichols, November 20, 2008
Google is embracing a new security standard for its Gadgets online widget platform by adding support for the OAuth system. The open standard is designed to allow sites to share user information securely for mash-up apps while still allowing users to authorise what data is disclosed. Google said that it had previously used a proprietary standard for Gadget security, but hopes that the move to OAuth will allow for Gadgets and the iGoogle service to securely expand to other web-based application platforms. The search giant believes that OAuth will allow different Gadget developers and sites to share data between its own platform and mash-ups based on other platforms such as MySpace. Eric Sachs, senior product manager for Google’s security branch, explained in a blog posting that the system would give users precise control over which sites will be able to share and access information. Before allowing data to be swapped, the user must allow the site to access information from other services, and only the specified data will be shared. “One privacy control provided by OAuth is that it defines a standard way for users to authorise one website to make their data accessible to another website, ” wrote Sachs. “In addition, OAuth provides a way to do this without the first site needing to reveal the identity of the user; it simply provides a different opaque security token to each additional website the user wants to share his or her data with.” To kick off the new feature, Google is launching OAuth-equipped Gadgets for AOL Mail, MySpace and Google Book Search. The company has also set up a documentation library for Gadget developers.