Thursday, November 20, 2008

OAuth and SREG and MapQuest! Oh My!

This has been a great week for AOL and our efforts to support the "Open Stack". While our progress is not as fast as those more nimble and lightfooted, I still believe the progress is significant.

Yesterday, the AOL Mail Gadget for iGoogle was announced. This gadget uses the OAuth capabilities of the iGoogle container to access OAuth based AOL Mail web service APIs.

Also yesterday, AOL announced it's preview support for the SREG 1.0 extension to OpenID. As in my message to the OpenID general mailing list, there are still a number of user experience issues that need to be resolved around SREG/AX support and I hope that our initial implementation will help consolidate the necessary industry best practices.

Finally, today MapQuest launched a new feature called My Mapquest which allows users to store addresses, driving directions, phone numbers for "Send to cell", and even the ability to estimate fuel costs for a trip based on your personal vehicle. My favorite part of this new capability is that anyone can use it because it supports OpenID. I believe this is the first web site from a major provider, that isn't a blogging product, to support OpenID as a relying party. (Feel free to correct me in the comments).


Praveen said...

Yey ! This is great news. Congratulations.

Looking forward to see lessons learned from the UX point of view soon.

Anonymous said...

Super cool! How do I get access to sreg on AOL's OpenID Provider? When I tried it just now, it didn't work, and I notice it's called a "preview release".

Awesome to see My Mapquest being an RP. But I tried using and it didn't work--I think they're not properly handling delegated OpenIDs...

George Fletcher said...

The SREG support is based on SREG 1.0 for two reasons. One, it's the version that more closely matches the OpenID 1.1 spec and two, the SREG 1.1 spec is still marked as draft. I don't know if that will make a difference for your testing. For instance, the sreg values need to specified via the openid.sreg.required and openid.sreg.optional parameters.

I'll look into the delegation case to see if that's a bug.

As an aside, the generic OpenId support on the Plaxo signin page correctly activated the SREG capability.

Thanks so much for the feedback!