วันจันทร์ที่ 11 ตุลาคม พ.ศ. 2553

Simplifying the social web with XAuth

Simplifying the social web with XAuth: "

Have you ever seen a webpage with a collection of buttons for sharing or logging in like the ones below?


Screenshot of buttons taken at Pocket Link

Not all of these buttons are equally relevant, but because there is currently no convenient way to share your preferred services publicly, this approach has become extremely popular, even though the complexity of this interface may actually inhibit sharing!

On the desktop, this problem was solved long ago with what is called the “system registry”. When you install a new application, you are asked whether you want the new application to handle certain kinds of files, like photos. So, for example, if you install a new app and set the new application to be the default “handler” for photos, when you double click a photo next time, it’ll automatically open in your new application.

Until today, that kind of registry didn’t exist for the web, but thanks to a new collaboration between Meebo and several parties including Google, an initial launch of a service that acts as a registry for the web can be found at xauth.org.

Let me explain how XAuth works in simple terms: when you sign in to your Google account, Google will notify xauth.org that a user has signed in to a Google account and is maintaining an active session. Throughout this process, Google never shares any of your personal information with xauth.org — only that you have signed into some Google account (Google doesn’t even share which Google account you signed in to). This information is stored locally in your browser, and never on XAuth's servers; XAuth only acts as an intermediary that facilitates sharing this information with third parties that ask for it.

This is similar to installing a new desktop application which registers itself in the system registry. Because the registry is the central place where this information exists, any application that needs this information to function can ask the registry for the list of applications that perform certain functions. Similarly, any site that you visit can ask for the list of your active sessions from xauth.org, and customize its interface according to your preferences.

Now, there are two importance differences between xauth.org and the system registry:

  • First, when you sign out of your Google account, Google will notify xauth.org that your session has ended. Any site that asks xauth.org for the list of active sessions from that point forward will no longer see Google listed.
  • Second, you can control which sites show up on xauth.org, and are therefore available to the sites that you visit. In fact, on xauth.org, you can choose to delete or block service entries, or disable XAuth altogether.

We think that XAuth can simplify and improve the social web, while keeping your private information safe. This is just one of many steps that Google is taking, along with others in the industry, to make the social web easier and more personalized.

Posted by Chris Messina, Social Web Team
"

0 แสดงความคิดเห็น: