CNET también está disponible en español.

Ir a español

Don't show this again


Google adds OAuth to widget mashups

The search giant's Google Gadgets platform is adopting the open authentication standard for controlling privacy. Move follows June move to use OAuth for the Google Data API.

Google has adopted OAuth, an open Web authentication standard for controlling privacy, for its widget platform, Google Gadgets.

If a user has personal information stored on one Web site, OAuth provides a mechanism for him or her to authorize that Web site to share the data with another Web site or widget. It also makes it possible to do this without the first site having to reveal the user's identity to the second site.

Google announced in June that it was to adopt OAuth for sharing data through its Google Data application programming interface. The company on Tuesday said it will now also use OAuth for Google Gadgets, which are interactive mini applications for the desktop that show, for example, personalized news feeds or localized weather reports.

"We also previously announced that third-party developers can build their own iGoogle gadgets that access the OAuth-enabled APIs for Google applications such as Calendar, Picasa, and Docs," Eric Sachs, Google's senior product manager for security, wrote in a blog post on Tuesday. "In fact, since both the gadget platform and OAuth technology are open standards, we are working to help other companies who run services similar to iGoogle to enhance them with support for these standards."

Sachs added that the new OAuth-enabled gadgets being created for iGoogle would also work on those other sites, including many of the gadgets that Google offers for its own applications. "This provides a platform for some interesting mashups," he wrote.

"It would allow a mutual fund, for example, to provide an iGoogle gadget to their customers that would run on iGoogle, and show the user the value of his or her mutual fund, but without giving Google any unique information about the user, such as a Social Security number or account number," Sachs wrote. "In the future, maybe we will even see industries like banks use standards such as OAuth to allow their customers to authorize utility companies to perform direct debit from the user's bank account without that person having to actually share his or her bank account number with the utility vendor."

David Meyer of ZDNet UK reported from London.