Take your Google Contacts with you

Wednesday, March 25, 2009 | 5:45 PM

Labels: ,

Lots of websites ask you to invite your friends when you sign up, and for good reason; the web is more fun when you can share your experiences with other people. However, too many of these sites access your list of friends by asking for your username and password so they can sign in as you and scrape your contact lists. The problem is that once a website has your password, it can access all sorts of data, not just your contacts.

Portable Contacts to the rescue! Portable Contacts (affectionately known as "PoCo") is an open standard that aims to make it easier to access "who-you-know" information in a secure way -- this means sites don't have to employ the "password anti-pattern" of scraping websites.

Using PoCo is 'easy' to use because it builds on existing standards and libraries. In fact, PoCo uses the same data format as the OpenSocial REST protocol. The 'secure' part is provided by OAuth, an authentication mechanism that allows users to grant access to only certain sets of data (address books in this case).

Web developers can now access Google Contacts using the OAuth and Portable Contacts standards. To test this out, you first need to Register your Domain and get an OAuth key. Then you can use Plaxo's Portable Contacts test client to send some test queries. Just enter your OAuth key, hit the "Grant Access" button to authorize access to your Google Contacts, and start submitting queries to see PoCo in action. For more information, check out the Portable Contacts Developer's Guide on code.google.com or visit portablecontacts.net.

11 comments:

Todd said...

Thank you!

...this is one of the last few remaining pieces of the puzzle. Add to DiSo activity stream spec, Oauth, XMPP and I get a little light headed about what's possible.

American Yak said...

WOOOOOOOOO HOOOOOOOOO!

AllenTomDude said...

This is a great win for interop, hopefully, we'll see other service providers support PoCo soon!

Charles Iliya Krempeaux said...

"PoCo" is (also) the (common) name for a city in BC, Canada, near Vancouver.

http://en.wikipedia.org/wiki/Port_Coquitlam,_British_Columbia


-- Charles Iliya Krempeaux
http://changelog.ca/

alan said...

Wow! A town named after an internet technology? British Columbia is so hip.

Clint said...

Except the website who scrape your contacts won't use this, only the honest site will. Therefore still no fix to the problem.

Dan said...

It's unconscionable that websites have been asking for your passwords this whole time. OAuth is a long time coming.

Sharing Ilmu Pengetahuan said...

Thanx 4 Sharing...

Nice Post and Nice Blog!!!

Stanley Pierce (Steve) said...

"Except the website who scrape your contacts won't use this, only the honest site will. Therefore still no fix to the problem."

Although your first statement is correct, I disagree that PoCo doesn't offer a solution. If a site asks for your PoCo information, give it. If a site asks for your email password, don't give it to them!

Gio Sico said...

Yeah its a good idea ... but you are still "trusting" someone you do not know.

Rontrell said...

This is fantastic news!!

http://www.faithewalk.info