14 DAY TRIAL // The web is all about the social component these days. It’s not just the obvious services, Facebook, Twitter and the likes, every site out there is trying to tap into your social graph and extend its functionality based on that. One thing that always happens when a group of people come together is ‘sharing’ information. This is also true on the web, the number of sites and services trying to be the place where you share links, videos and anything else online, with your friends is too high to count. Which is part of the problem XAuth, a new open web standard, is trying to fix.
Spearheaded by Meebo, XAuth is supported by quite a number of ‘second tier’ partners like Google, Yahoo, Microsoft, MySpace, and plenty of others. You wouldn’t normally think of Google or Microsoft as ‘second tier,’ but, in the content-sharing game, there’s Twitter and Facebook and, then, there’s everyone else. Which is probably why the two names are not among the ones of the initial partners of open standard.
“XAuth is an open platform for extending authenticated user services across the web. Participating services generate a browser token for each of their users. Publishers can then recognize when site visitors are logged in to those online services and present them with meaningful, relevant options,” the XAuth.org website explains.
“Users can choose to authenticate directly from the publisher site and use the service to share, interact with friends, or participate in the site's community. The XAuth Token can be anything, so services have the flexibility to define whatever level of access they choose,” it adds.
XAuth is an authentication standard, similar to OAuth, for example, enabling users to log into any website that implements it with any account from a service that supports it. But it goes beyond that, its real target, though the people behind XAuth are careful to dismiss that, is Facebook Connect.
But whereas Facebook Connect works with and for Facebook alone, XAuth is open to anyone. The ideal is to have website owners implement just one protocol that would then serve just the sharing and login options relevant to a user. It will also enable sites to share information in the background, even things like friends lists and all sorts of other data. This opens up a ton of functionality, but also a lot of potential privacy issues.