OpenID + OAuth: Two Great Tastes That Taste Great Together

Today, Google and Plaxo released a hybrid protocol that combines OpenID, the open online identity standard, with OAuth, the secure data portability standard. Too often, when a Website wants to import your contacts from another Web service, it asks for your login and password credentials. OAuth gets around that by sending you back to the original site where you login and authorize the one-time transfer of data. It is much more secure. And now it works with OpenID.

So far, this is just a test between Plaxo and Google, where a Plaxo member can invite someone via Gmail. Plaxo marketing VP John McCrea argues that this approach is:

better for the user by being more convenient and more secure;
better for the identity provider by not asking the user for their password and then scraping their data; and
better for the site by delivering a higher conversion rate on signup flows and getting more useful data from the user.

It, of course, competes with another approach that is out there: Facebook Connect. But, then, that only works with Facebook.