API U Series

How The Green Button Initiative Secured Its APIs With OAuth

One of the biggest promises of application programming interfaces (APIs) has to do with their ability to democratize access to data. By setting a standard means for data access -- such as through a RESTful API -- developers of all stripes are enabled to build applications that are limited only by their imaginations.

Nowhere else has the clarion call to democratize data echoed louder than in Washington, DC, where the Obama administration, by way of executive order, mandated an open data initiative to make all government-generated data machine readable. After all, the majority of federal agency-generated data belongs to The People: the citizens of the United States. It only stands to reason that it should be easily available, particularly through programmatic interfaces (as opposed to that data rotting in a binder in a file cabinet in some agency's basement archive).

Taking that mandate to heart, the US federal government and all of its agencies have been using APIs to wrap as much of The People's data as possible for the better part of the last decade. And they didn't stop there. The federal government has also urged various industries to similarly open up their data, particularly in cases like healthcare and energy where much of the data rightfully belongs to customers already.

One of those efforts is the Green Button Initiative. As energy consumers (people, businesses, and other organizations) consume power, they generate an enormous amount of metadata about that consumption. When was it consumed? Where was it consumed? Where did the energy come from? How much did that energy cost? And so on. This data, made available in the right contexts, not only belongs to energy consumers; it can also be leveraged to optimize both the provision and consumption sides of the energy industry in a way that better matches the supply to the demand in an era where sustainability is a major underlying concern.

But achieving that degree of optimization means that the data will have to flow rather frictionlessly across multiple parties that have multiple business interests and varying degrees of authority and permission to see some or all of that data. In the interests of their security and privacy, energy consumers must be able to federate access to their personal data, which itself might be stored with the original energy provider (i.e., the local electric utility). On the surface, it sounds a bit like a three-party OAuth workflow. And it essentially is. But to make OAuth work for this use case, the National Institute of Standards and Technology (NIST) would have to push OAuth to the very limits of its flexibility with some inventions of its own. And that's exactly what NIST did. At the request of ProgrammableWeb, the chief architects of the Green Button Initiative have chronicled the details of their journey so that other similar use cases around the world can freely benefit from their inventions.

This is the introduction to our series What is The Green Button API initiative and How It Took OAuth To An Entirely New Level. This article will help you understand what the Green Button API Initiative is and how it came about. Green Button is part of the Obama Administration's My Data...
This is the first part of our series What is The Green Button API initiative and How It Took OAuth To An Entirely New Level. In this part we will take a look at some of the primary use cases of the initiative including the data custodian, third party entities and retail customers.
This is part 2 of our series on the Green Button API initiative. This article examines the architectural underpinnings, including the requirements and standards behind the initiative. The Green Button technology is based on existing standards that were assembled to meet the identified requirements.
This is part 3 of our series on the U.S. government's Green Button API initiative. In this part, we will describe the building blocks of Green Button technology and how they respond to the project requirements with respect to authorization of access to data provided to third parties.
This is part 4 of our series What is The Green Button API initiative and How It Took OAuth To An Entirely New Level. In this part we explain the structure of Green Button’s scope parameters and illustrate the data exchanges and protocol used to implement Green Button’s scope negotiation.
This is part 5 of our series What is The Green Button API initiative and How It Took OAuth To An Entirely New Level. Here, we look at how Green Button data, due to its regularly renewed nature, needed to adopt a pseudo PUSH model that was consistent with the OAuth resource data exchange model.
This is the conclusion to our series What is The Green Button API initiative and How It Took OAuth To An Entirely New Level. It provides a set of references that give the reader additional information about the technologies and choices made in the design of the Green Button architecture.