Yahoo has released a new product called BBAuth just in time for its open HackDay today and tomorrow. It lets non-Yahoo applications use Yahoo’s authentication mechanism and access Yahoo user data in a secure manner.
Most mashups today do not access personal data because of security issues (not to mention the fact that companies usually think of user data as proprietary). The classic mashup example is mixing Google or Yahoo maps with other data. But there are far fewer examples of mashups involving user data protected from the rest of the Internet via a sign-in procedure.
BBAuth fixes that problem when it comes to accessing data locked up at Yahoo. Using the tools Yahoo provides, non-Yahoo applications can ask a user to sign in to Yahoo and give permission for Yahoo user data to be sent to the non-Yahoo application. Yahoo’er Dan Theurer explains how it works in more detail, and points to two test applications he created. The first shows how it can be used to allow sign-in via Yahoo credentials, and the second shows how you can access Yahoo Photos data outside of Yahoo.
There are two pieces to BBAuth. The first is a single sign-on tool to authenticate the user. The second piece is a set of APIs to get into specific Yahoo services and interact with user data. For example, the Yahoo Photos API allows other applications to, among other things, upload photos, tag photos, and modify titles and descriptions. Yahoo is also opening up Yahoo Mail through BBAuth.
Dave Winer says this is a “huge deal” and I agree. See what Yahoo’s Jeremy Zawodny says about BBAuth as well.
It’s worth noting that Amazon is doing the same thing (but in a limited way) with its S3 storage product, and eBay is supposedly testing third-party authentication for purposes of verifying (but not changing) user feedback ratings.