looks like there is a new link on the "Google Accounts" page.....

http://blogs.zdnet.com/Google/?p=223

hey wait a second.. if lighthouse is getting launched..then won't it make sense to picasa too luanch at the same time ??

But what is the Figurative " 3rd party sites authroized " statement ?? Would this mean that its like Hosted services ??

It is a bit of a jump to say that it is lighthouse. Especially since none of us actually have any idea what lighthouse even is. Probably nothing will come of it.

Lighthouse is an "Access List" according to the leaked presentation notes.

{ and if this is something new... then blimey! so much in so little time. Spreadsheets, Web Albums (not surfaced yet), Vid Player for Mac and this (not surfaced yet) all in 2 days! }

But Sam, you can see how fast they reacted with taking away the link on the picaso web pages..

Why was that ??

Oo notice this too: if you change it to "IssueAuthSubToken" you get a login page:

https://www.google.com/accounts/IssueAuthSubToken

(btw this isnt what you default get if you make up a page e.g. https://www.google.com/accounts/FAKE)

Same , have you gone thru the notes sections of the blotched ppt that was used on their presentation day ? theres a lot of tidbits of infonuggets

And even cooler:

https://www.google.com/accounts/IssueAuthToken

I read the blog post where it was leaked initally. I never took it too seriously since it was all so vague and no one really knew what any of it meant.

What URL do you see on that last one? Mine ends 00d11b25efe2301

Mine ends with:
8fcd3e6

Seems to be unique each time I reload the page.

Oh yes. Same here. So what do you think this is?

"Access List" is a bit vague. I mean what is it for?

yes, but if you tie in Checkout with the ACL and your accounts with the various servics.. the strategy makes sense..!!

Speculation:
I think it will be a mechanism websites can use to authenticate users via their Google account (only with the users granting access to that website) – MSN Passport was designed to be your single login for the web... but I think it has pretty much failed.

If not that, it could also be an "Access List" to automaitcally withdraw funds from a Google Account like a PayPal subscription service?

My guess is as good as yours though.

Right. When you say authorisation it reminds me of Flickr where you have to agree to give companies permissions to read / read/write your photos to use their services. They have a centralised system for it. No you are suggesting something similar but for Google. The question is what are you letting people have access too.

Maybe money like you say. Or maybe some sort of system to get your details (name, email, address...) to other websites to speed up the sign up processes. Standing in for what .NET passports are meant to be. Oh ok.

Sorry this post adds nothing new, it is just me getting what you said straight in my head.

I nearly posted about this the night before last but noticed it was covered here so I didn't bothered:

http://googlesystem.blogspot.com/2006/06/google-passport.html

but the URL as id'ed below is dysfunctional now (?)

https://www.google.com/accounts/ManageAccount2

Right :)

I didn't know what Lighthouse means. It was mentioned in the same context as GDrive.

Ionut:

A lighthouse is the tower near the shore to warn sailors from danger at night. Beside that I can't imagine what it means in a Google context.

My google account section now displays a "Change Authorized Websites" link on the left hand side. Anybody else have this??

I see it and it points to what Garett's mentioned

https://www.google.com/accounts/IssuedAuthSubTokens

Kirby

Me too.

I have it too...

Garett > as I said on your site, we talked about that with Ionut (Google Operating system) some days ago.
http://www.zorgloob.com/2006/06/google-passport.asp (French)

hey, I have no Google logo here :
https://www.google.com/accounts2
is it normal?

Thanks TOM

it seems like www.google.com/accounts<anything here> will produce the same results... i think the problem is the google logo uses a relative path and /accountslkjasfjasjg/logo.gif doesn't exist

the question is why /accountskjasjdglaj works at all?

Could this ("Authorized Websites") be something related to controlling access to your account by other sites. For example, I've given my gmail address and password to Netvibes so that my gmail inbox can be displayed on my Netvibes page. Maybe this is a way Google is planning on giving us to control what sites/services (like Netvibes) have access to our info. An extra level of security maybe?

Ken: allowing third-party websites to have access to your login credentials and your information on Google servers is just plain dumb... giving that much power to a third-party website can bring lots of problems... mainly security issue's where the "other sites" can simply get your credentials from their own database -> run a script/app to check all your emails (Gmail), notes (notebook), search history, accounting reports (spreadsheets), and other google services to their advantage -> build a massive "John Doe" personal details and history profile and sell it to the highest bitter!! (not to mention Big Brother's from every country on this earth)...

just my point of view but clearly a decision to "NOT" allow third-party sites to have access to my personal info. Google, thanks but no thanks for this feature!

"clearly a decision to "NOT" allow third-party sites to have access to my personal info. Google, thanks but no thanks for this feature!"

Strong, very strong statment. Tip of the hat for this statement!! thank you :)-

Well then this:
http://www.google.com/tools/firefox/browsersync/index.html
is something you guys would certainly not like, right?

And Josue, despite my being "plain dumb," I was able to muddle through your logic.

i don't know much about this "Lighthouse" but i believe it has to do with a "MS Passport" like authetication as other have already mentioned... hopefully this URL below will give more light into this mystery...

http://code.google.com/apis/accounts/AuthForInstalledApps.html

its interesting that you can validate (and check status) your Google Accounts with this simple URL post:

https://www.google.com/accounts/ClientLogin?Email=<EMAIL>&Passwd=<PASSWORD>&service=mail&source=<ANYTHING_HERE>

if the URL post is successful, you'll get three types of AuthTokens (aka 'authentication cookie') but if unsuccessful you get a simple response "Error=BadAuthentication"! (see Error Codes / http://code.google.com/apis/accounts/AuthForInstalledApps.html#Errors)

... now imagine a vulnerbility in this mechanism where all you need is the EMAIL account and a random / fake PASSWD or SubAuthToken hack... this would be chaos through out the Google network.

Philipp: it would be nice to implement this Authentication method into Blogoscoped forums.

"clearly a decision to "NOT" allow third-party sites to have access to my personal info. Google, thanks but no thanks for this feature!"

No need to overreact, i doubt Google will give any third party website access to your email and saved files. This is, afaict, a clone of MS's passport system. the only personal info they will access is stuff like your name and email address, stuff they'd have to ask you for if you registered anyway. Google hasn't even released anything yet!

Anybody seen Microsoft's InfoCard mechanism? It is an implementation of the Yadis protocol, an open standard "web of trust" for single login capabilities. For more info, start at...

http://en.wikipedia.org/wiki/Yadis

The new link in Google Account no longer exists
https://www.google.com/accounts/ManageAccount?hl=en

yes, you are correct tom, I noticed this too!!

Also google.com/call gives error instead of the weird XML.