Yahoo! has just released a new set of APIs for enabling SSO on the web. TechCrunch has a good review.
There are two pieces to BBAuth. The first is a single sign on tool to authenticate the user. The second piece is a set of APIs to get into specific Yahoo services and interact with user data. For example, the Yahoo Photos API allows other applications to, among other things, upload photos, tag photos, and modify titles and descriptions. Yahoo is also opening up Yahoo Mail through BBAuth.
I am not sure what data the 3rd party apps will be able to access from Yahoo!? E.g. will the 3rd party apps be able to access information related to Yahoo! Shopping? Will they be able to access user address information? What kind of systems will be put in place to validate the 3rd party application providers to ensure that the user information is not misused?
This move makes a lot of sense for Yahoo! as they get to be the central repository of all user information and to participate in a whole lot of transactions unrelated to their properties. I am not sure, though, that it makes sense for 3rd party apps or users. Typically users and 3rd party application providers are reluctant to have an intermediary, that does not add any direct value, in the middle of a transaction. There have been a few initiatives like this in the past – Microsoft Passport and Six part’s TypeKey to name a few. Such SSO initiative did not do very well in the past…let’s see how Yahoo!’s move fares?