Building and using secure web services using OAuth

With every passing day, we entrust more and more of our personal information to the Internet. And as each week passes, we see more and more online services launching new APIs, opening up the information silos and letting our data flow freely. But some data should not be freely available, merely portable. Doing this securely requires that users prove their identity and authority. Typically this is done via usernames and passwords, or sometimes OpenID. Often, though, users want to appoint computer agents to access and work with their data on their behalf. These agents may not be entirely trusted, and should not be given the user’s logon credentials.

Enter OAuth: an open standard for simple, secure, delegated authorization. With OAuth, a user can give a social network just enough access to their address book to connect them with their friends, or can allow a photo shop access to just the few photos they want printed onto canvases. On the Web of Data, OAuth puts the user back in control.