The Latest News On The API Economy
Searching: No Search Term , Filtered By Category: "Security", Category: "Scanning"
Google is making it even easier for developers wishing to implement OpenID with the OAuth. Google has announced that developers can now utilize a "Hybrid Protocol" that combines the OpenID federated login with the OAuth authorization process. The new OpenID OAuth extension makes it easier for developers to implement OAuth through initial authentication using OpenID. According to Yariv Adan on the Google Data APIs Blog:
Websense, a leading web security company, has announced that it has acquired Defensio, the anti-comment-spam service. Last fall we wrote about Defensio and its API and how it lets developers submit text snippets, such as comments from blogs and forums, which is then analyzed to return an indication of the likelihood that the text is spam. In the announcement, Websense notes these capabilities:
OpenID holds much promise as a means of supporting a single digital identity that can be used across the Internet. Currently there are several types of OpenID identity providers out there, and several of the major players on the web, including AOL, Microsoft, Google, and Yahoo!, have committed to become OpenID providers as well. While there is some concern about the 'Balkanization' of OpenID by these service providers (essentially the concern is over the fact that service providers will only provide OpenIDs and subsequently they will not become consumers of OpenIDs from other providers), the positive side of this adoption is that hundreds of millions of existing user accounts can now be used as OpenIDs.
Yahoo! has announced the rollout of some limited tests for OpenID's Simple Registration specification. If you're not familiar with OpenID, it's an innovative way for handling user authentication that provides a free and easy way to use a single digital identity across the Internet.
A wide array of content and functionality has been incorporated into the ever-growing number of mashups out on the web today. From enterprise mashups to proof-of-concept hacks, developers and would be developers are leveraging the power of mashups to provide information in new and compelling ways. Mashups are still a relatively new phenomena, and as this new type of online application evolves it will become increasingly more important to ensure that your mashup adheres to a variety of best practices. Summarized below are five key best practices that you should strive to use in the development of your mashup.
What happens when the API is technically secure but the environment, whether widget, web site or mashup, is not? Recent security breaches in MySpace and Yahoo, which led to the release of semi-embarrassing photos of prolific celebs Paris Hilton and Lindsay Lohan, points out the added opportunities for hackers in the open web.
Standardization, or lack thereof, around identity, authentication and authorization for open web APIs is one of the greatest challenges to mashup application developers today. So it's quite notable that Google not only just quietly added OAuth support to their Google Contacts API but also stated that "This is our first step towards OAuth enabling all Google Data APIs."