Wednesday, March 25, 2009 | 5:45 PM
Lots of websites ask you to invite your friends when you sign up, and for good reason; the web is more fun when you can share your experiences with other people. However, too many of these sites access your list of friends by asking for your username and password so they can sign in as you and scrape your contact lists. The problem is that once a website has your password, it can access all sorts of data, not just your contacts.
Portable Contacts to the rescue! Portable Contacts (affectionately known as "PoCo") is an open standard that aims to make it easier to access "who-you-know" information in a secure way -- this means sites don't have to employ the "password anti-pattern" of scraping websites.
Using PoCo is 'easy' to use because it builds on existing standards and libraries. In fact, PoCo uses the same data format as the OpenSocial REST protocol. The 'secure' part is provided by OAuth, an authentication mechanism that allows users to grant access to only certain sets of data (address books in this case).
Web developers can now access Google Contacts using the OAuth and Portable Contacts standards. To test this out, you first need to Register your Domain and get an OAuth key. Then you can use Plaxo's Portable Contacts test client to send some test queries. Just enter your OAuth key, hit the "Grant Access" button to authorize access to your Google Contacts, and start submitting queries to see PoCo in action. For more information, check out the Portable Contacts Developer's Guide on code.google.com or visit portablecontacts.net.