If you’ve ever tried using one of the many sharing widgets available on the web, you know that there are a lot of web services out there that support sharing. That presents a challenge for publishers, who often wind up showing widgets for the big players like Facebook and Twitter, while neglecting the smaller services their users may be members of. Now Meebo, in tandem with a roster of partners including Google, Yahoo, Microsoft, MySpace, JanRain, Disqus and Gigya, has developed a new open standard called XAuth designed to put an end to this problem. And it has the potential to do much more.
Here’s how the official site, XAuth.org is describing the platform:
XAuth is an open platform for extending authenticated user services across the web.
Participating services generate a browser token for each of their users. Publishers can then recognize when site visitors are logged in to those online services and present them with meaningful, relevant options.
Users can choose to authenticate directly from the publisher site and use the service to share, interact with friends, or participate in the site’s community. The XAuth Token can be anything, so services have the flexibility to define whatever level of access they choose.
So what does that mean? Imagine visiting TechCrunch and seeing share buttons tailored to the services you use. If you don’t use Google Buzz but are an avid Reddit user, we could automatically hide Buzz and swap the appropriate Reddit button in. Yes, there are already ways to do this, but currently TechCrunch.com would have to issue requests to every popular sharing service each time a new user visited the site, which isn’t always practical — XAuth is more efficient, because it already knows which services you belong to.
But what about privacy? There is a central XAuth server that exists to facilitate data transfer between domains, but your personal information is never actually transferred through it. Instead, all personally identifiable information is stored in your browser using HTML5′s local storage — XAuth.org exists to verify which tokens a third party has access to. If you’re still wary, you can choose to opt out of XAuth using a control panel at XAuth.org.
When it comes to exploring XAuth’s potential, personalized sharing buttons are just the beginning— services can include whatever information they want in their token. Say MySpace decided it wanted to allow Meebo to automatically have access to its users’ friend lists. MySpace could include a session ID as part of its token that would grant Meebo access to that data, without any input required from the user. Using XAuth, MySpace could grant access to this token only to a select few partners on a whitelist, or it could open it up to any third parties who wanted it.
In effect, XAuth’s flexibility allows any social service provider to achieve the ‘auto-connect‘ functionality that we hear Facebook plans to launch soon. That could be powerful, but it also has the potential to be creepy — do users really want their information pre-populated as they browse the web? The answer isn’t clear yet.
That said, most sites (particularly sites where security is a priority) will probably only use XAuth to inform third parties that the user has an account with them, without actually sharing any of their personally identifiable data (in other words, we’ll see the personalized button scenario discussed above).
Update: Here’s a video taken by Robert Scoble of Meebo CEO Seth Sternberg explaining XAuth:
Meebo is a consumer internet company focused on driving user engagement across the web, reaching approximately half of the U.S. internet population. Our flagship product, the Meebo Bar, provides publishers and advertisers a surprisingly simple way to leverage this massive audience by organically weaving content engagement and brand experiences into the consumer’s web experience. The Meebo Bar is currently integrated into hundreds of premium websites and hosts rich, engaging advertising from many of the top Fortune 500 brands. Meebo...
Yahoo was founded in 1994 by Stanford Ph.D. students David Filo and Jerry Yang. It has since evolved into a major internet brand with search, content verticals, and other web services. Yahoo! Inc. (Yahoo!), incorporated in 1995, is a global Internet brand. To users, the Company provides owned and operated online properties and services (Yahoo! Properties, Offerings, or Owned and Operated sites). Yahoo! also extends its marketing platform and access to Internet users beyond Yahoo! Properties through its distribution network...
Google provides search and advertising services, which together aim to organize and monetize the world’s information. In addition to its dominant search engine, it offers a plethora of online tools and platforms including: Gmail, Maps, YouTube, and Google+, the company’s extension into the social space. Most of its Web-based products are free, funded by Google’s highly integrated online advertising platforms AdWords and AdSense. Google promotes the idea that advertising should be highly targeted and relevant to users thus providing...