tag:blogger.com,1999:blog-9989630.post-60779046891100040582008-06-28T11:23:00.000+02:002008-08-11T22:22:09.642+02:00Current trends in information architecture, the development of user-provided information and the use and combination of single function focused applications show that the Internet is shifting to a medium that is more and more structured with a decentralized authority.<br /><ul><li><a href="http://andreasengel.com/2006/12/tnt-20-exploiting-limits-of-traditional.html">TnT 2.0 - Exploiting the Limits of Traditional Media</a></li></ul>Instead of using a single site for all online needs users use different sites and services to manage their online experience applying state of the art Data APIs allowing aplications to access their data. Making use of a Web-standard like <a href="http://oauth.net/">OAuth</a> for secure API authentication gives your users access to their data while protecting their passwords and other protected areas. From <a href="http://oauth.net/">OAuth</a>:<br /><blockquote>"Many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using your regular key to unlock everything."</blockquote>Here is a short demo of what it means to end users:<br /><div style="text-align: center;"><iframe src="http://nouncer.com/oauth/flow-demo.htm" frameborder="no" height="382" scrolling="no" width="484"></iframe></div><br />While <a href="http://andreasengel.com/2008/05/into-cloud-with-google-app-engine.html">reviewing</a> one of the latest Google innovations, <a href="http://code.google.com/appengine">Google App Engine</a>, which lets one run Web applications on Google's infrastructure with no servers to maintain I found it worth to mention OAuth as an open standard for secure API authentication - <a href="http://oauth.net/">OAuth</a> is now supported on all of the <a href="http://code.google.com/apis/gdata/">Google Data APIs</a>. Being familiar with UML or sequence diagrams it's easy to understand the Google data <a href="http://code.google.com/apis/accounts/docs/OAuth.html">API authentication process</a>. More on <a href="http://googledataapis.blogspot.com/2008/06/oauth-for-google-data-apis.html">Google Data APIs blog</a>.<br /><br /><div style="text-align: center;"><img src="http://andreasengel.com/img/oauthgooglesequencediagram.png" /></div><br />Resources:<br /><ul><li><a href="http://www.hueniverse.com/hueniverse/2007/10/beginners-guide.html">Beginner’s Guide to OAuth – Part I</a></li><li><a href="http://www.hueniverse.com/hueniverse/2007/10/beginners-gui-1.html">Beginner’s Guide to OAuth – Part II</a></li><li><a href="http://code.google.com/apis/accounts/docs/OAuth.html">OAuth Authentication for Web Applications (Google)<br /></a></li><li><a href="http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html">Registration for Web-Based Applications (Google)<br /></a></li></ul><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/9989630-6077904689110004058?l=andreasengel.com%2Findex.html'/></div>eAhttp://www.blogger.com/profile/12227627684803601412info@andreasengel.com0