Wednesday, July 29, 2009

Making Money with OAuth

I am really excited about the idea implemented by RPXnow. It works as simple as:
... a proxy between third party identity providers and your website, RPXnow helps you effortlessly add single sign-on from providers like AOL, Google, Yahoo! and even Facebook. The hosted service runs in the cloud and is accessed via simple RESTful API calls ...

A set of features looks impressive, let me list them here (or see them with descriptions):

  • Supported identity providers: Google, Yahoo, Facebook, Twitter, MySpaceID, Windows LiveID, AOL, Blogger, Wordpress, VeriSign, Hyves, OpenID

  • Sign in widget

  • Profile data from the identity providers

  • Account mapping

  • Extended access to the providers' APIs

  • Social publishing (coming soon)

  • Address book import

I want to note that RPXnow is positioning themselves as a "Single Sign-On for your website" although it provides with much more. And this much more, I think, could be a totally separate business.

RPXnow is putting effort to become a service that aggregates people data accross many services (e.g. MySpace and Facebook). Think of it as, but without the UI, just the REST API. Normally, if in your website you'd want to access user's MySpace, Facebook, or Google account data, you'd have to code everything yourself using the APIs provided by those services. RPXnow does it for you. So you only need to interact with one API - RPXnow API.

Recently I was reading the article Writing OAuth Gadgets, and then stumbled upon a concept of OAuth Proxy. As you can imagine it's a proxy design pattern applied for OAuth services, i.e. you provide an OAuth service that delegates to another OAuth service. Actually, the upcoming "Social publishing" feature of RPXnow will do exactly that - proxy to other services.

I think OAuth proxy could be a totally separate service in the cloud. There are many services online that allow for pretty much similar things: status updates, picture uploads, videos, profile information, etc. So the proxy could unify all this kind features into one interface and adapt to multiple services. As a customer of the proxy I would simply ask to upload a picture on behalf of a user, and I don't care where it goes - MySpace, Facebook or Flickr.

The question then if OAuth proxy as a business is possible without the "Single Sign-On for your website" like RPXnow. Because if not, then OAuth proxy would have to compete with RPXnow. I think it's possible. Consider a couple of use cases:

  1. A website that already has a lot of users. Instead of changing there authentication strategy it may be more feasible to implement the "Link external account" functionality and use OAuth proxy

  2. OpenSocial containers could use the more generic OAuth proxy than proxying just as a workaround

Maybe there are more?

Additionally, since OAuth proxy is actually software as service (SaaS) it implies recurrent revenue.

No comments:

Post a Comment