15 thoughts on “Yahoo looks outside for Mojo”

  1. Yahoo needs new talent. They seem to be stagnating. So many good products that need an upgrade, they just need some innovative people on board.

    With that huge user base, ability to generate massive ad revenues and broad range of services they really should be doing better than they are!

    Kudos on the BBauth though. Looks like it will be really cool and may help get them a bit more attention.

  2. Yawn. An authentication scheme is only as good as the APIs it exposes. In Yahoo’s case; there’s only 1. Double Yawn.

    I can’t wait for Yahoo to just go away. I installed Yahoo Messeneger on my system and I think it’s worse than a virus a infecting a user’s system. I can’t right click without seeing a Yahoo icon.

  3. It is awesome that Yahoo! launched this Browser Based authentication, I love the Yahoo! APIs program with them regularly and want to do more!

    I am however slightly confused by this comment in your post “(This is something which eBay should have done, but well, never did, forgetting that eBay’s value is in its authentication system.)”

    Having just gone through the Auth and Auth that Yahoo has set up (see diagram here) http://developer.yahoo.com/auth/ it seems identical to the system found at eBay http://developer.ebay.com/DevZone/XML/docs/WebHelp/AuthAndAuth-About_Authentication.html which powers many of the third party listing tools which drive a huge proportion of eBay’s business.

    You are totally right it is crucial eBay should do this but eBay did, >2years ago and it is now driving a lot of value. You can see examples of it’s use for free at http://www.randomdomainname.co.uk/ebay/ebaywishlist.php or also at http://www.ebaymatchups.com

    Give it a go 🙂

  4. Alex and Jeffrey,

    thanks for pointing out the error in my ways. i should have been more explicit. i wanted to say that ebay should have done the same with it is reputation system and become the “credit bureau” of the web, in more simplistic terms.

    also, can you both outline the ebay efforts.

  5. So, Passport is (or was intended to be) a single signon product in which a giant authentication and authorization database was to be maintained by Microsoft for any web site that chose to implement it. (Authentication verifies that you are who you say you are. Authorization verifies that you’re allowed to do something.)

    In contrast, eBay and Yahoo’s systems both provide authentication and authorization for third party applications that use eBay and Yahoo web services only. eBay’s and Yahoo’s systems work similarly because they were informed by similar use cases, and because some of the same people (i.e. me) were involved in their creation. Neither system aspires to be a single sign-on for the web. (BBAuth can’t even be used as single sign-on for Yahoo since all of Yahoo hasn’t adopted it yet.)

  6. Nicely put Jeff.

    The Yahoo! diagram explaining Auth and Auth couldn’t really be better designed to explain (at least one instance of) the eBay version. There is another instance where eBay saves the token and it doesn’t get sent back as part of the redirect url but is called by the application (obviously that is useful for desktop apps). When the user returns to the Application after completing browser based authentication the application can use an API call called “FetchToken” to retrieve the token.

    Auth and Auth is really a critical part of any web service and (for example) del.icio.us does it differently where I as a developer pick up the user’s username and password, store them in a database and send them to del.icio.us every time I make a call on the API on behalf of the user. This is obviously insecure for a number of reasons and although not necc. scary for a del.icio.us user you can get why that kind of methodology would be a nightmare for Yahoo! mail etc… third party applications and so this browser based authentication is awesome.

    Typepad actually do something slightly different which I love for their Widget API. You create your submission for a widget to add to your typepad account via a third party site and once it is ready the developer sends it (and you) to typepad using a POST command. Typepad stores the information the developer sent across and you sign in to Typepad and authorize the widget to be added to your blog. Obviously this wouldn’t work for every web app and would be massively tedious even for some which it could be used on but for the typepad widget need it is elegant and efficient. I really like it.

  7. Oooops one really crucial thing I missed off is that certainly with eBay a user can switch off permission for any third party application to access their account via the API at any time via a link within my.eBay.com > preferences > Third-party authorizations >. I expect Yahoo! will be doing the same (but obviously don’t know).

  8. this site looks really nice. props to whoever put it together. it was the new zealander, wudnit?

    but what i really want to know is, why does Google keep hiring all these hardware engineer types?


    they’ve been hiring these folks for months now, and they’re still hiring, so something big is going down in the MV. phones? pda’s? gps? what’s up? it must be an open secret by now, but some of us are not in the know, ya know?

  9. Pingback: IT Blogwatch
  10. Flickr offers a de-authorization page for third party services as well, so I’d expect we’d see something similar on Yahoo. I use Slickr to have my friends’ pictures scroll through on my screensaver.

    Re: ebay – I would love to be able to carry my eBay reputation with me when I sell on other sites, especially places like craigslist.

    I also want someone to open up their buddy lists:

  11. My personal experience as a developer making creative use of APIs has been that given fuller and freer access to an expanding variety of data from seemingly unrelated sources makes for an organic, almost evolutionary explosion of mash-ups .. odds being than one or two or a handful may become a killer ap in some odd niche that could never be deduced by a boardroom meeting. The cold hard cash has and will come through the many independent developers who’s talents and creations are neither a drain on a company’s payroll, nor leeches of data, but rather partners in the future growth of web 2.0

  12. These things should be done in haste before time forgets about Yahoo. Although Yahoo is still famous in some third world countries these same countries are now beginning to realize some of the down side of Yahoo especially in organic research.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.