OAuth is a key to the future: The longings of the average user and how they can be addressed
My previous post talked a bit about the need for web apps that interconnect seamlessly, yet securely and without requiring the user to constantly log in to this site and that. Eran Hammer-Lahav, a contributor to OAuth, commented on it, and later followed up with a blog post that makes the point well. Since then, I've realized that OAuth is indeed sufficient for these purposes. The key is how an app decides when, and to whom, to allow access to a user's data.
What are the needs of the average user? Since I consider myself an average user (on my off days, that is), here's what I want:
1) Web apps that do one thing, and one thing alone.
2) In doing that one thing, they smartly bring in other relevant data when I need it. (Example: when I send someone a link from Google Docs, it pulls up my contacts from Gmail.)
3) I don't want to have to log in to each separate site just to get data from it. (This is partially achieved by OpenID. What about Ajax? What about allowing an app to log in behind the scenes to another app as me, using OpenID?)
4) I don't want to have to grant permission any more than is really necessary. I should be able to specify that any site may access my photos as long as I am the one requesting them through that site, and that anyone else may view them through other sites as well, but may not modify them.
I want my documents to reside on Google Docs, my calendar on Google Calendar, my photos on Flickr, my videos on YouTube or Google Video (why aren't they the same if Google bought YouTube?), and my todos on Tadalist. Each of those sites is a specific-purpose-driven site. They each do one thing, and for the most part they do it well. But they aren't connected. I can't email a photo on Flickr to a friend straight from Gmail. I can't see my todos in Google Calendar. I can't choose someone from my Gmail contacts on Tadalist when I want to email a todo to a friend. You get the idea. Through a unified login (OpenID?) and a standard communication protocol (OAuth), Tadalist should be able to access my Gmail contacts for me, in a fully transparent way.
OAuth, which I previously thought was insufficient for the task, may be just the thing after all. The main thing is that if you use OAuth, please, please, make your permissions generic. Make it simple for the user; don't make them approve every single application that asks for data. Instead, provide a few options I can choose from once and forget about. That way, most of the time, a user won't even have to see your site to log in or grant permission: they just get redirected to your site, to their OpenID provider, back to your site, and back to the original site with all the permission they need. (It works, but isn't it a little overkill?)
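To make "generic permissions" concrete, here is an added example (my own illustration, not code from the post, from OAuth, or from any of the sites named above). It models a resource server that decides each request against a coarse policy the user set once per class of data, rather than a per-application grant, and it shows when a consent screen is still needed. The policy shape, the scope-style token fields (borrowed from how OAuth 2.0 clients request access, not from the OAuth 1.0 of the post's era), and the users Alice/Bob, the sites "tadalist" and "photoblog", and the "photos"/"contacts" classes are all constructed assumptions for the example.

```python
from dataclasses import dataclass

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class ResourcePolicy:
    """One coarse rule the user sets once for a whole class of data."""
    owner_actions: frozenset    # what any site may do when acting as the owner
    others_actions: frozenset   # what any site may do when acting as someone else


@dataclass(frozen=True)
class Token:
    """An access token as the resource server sees it (assumed shape)."""
    subject: str        # the user the client is acting on behalf of
    client_id: str      # which site holds the token (logged, not part of the rule)
    scopes: frozenset   # resource classes the token covers, e.g. {"photos"}
    expired: bool = False


# Constructed sample: the policy Alice set once, matching the post's wish list.
# Photos: owner may read/write from any site, everyone else may only read.
# Contacts: owner may read from any site (e.g. picking a friend), nobody else.
ALICE_POLICIES = {
    "photos": ResourcePolicy(owner_actions=frozenset({READ, WRITE}),
                             others_actions=frozenset({READ})),
    "contacts": ResourcePolicy(owner_actions=frozenset({READ}),
                               others_actions=frozenset()),
}
USER_POLICIES = {"alice": ALICE_POLICIES}


def decide(user_policies, owner, resource_class, token, action):
    """Allow or deny one request against the owner's standing policy.

    The client identity is deliberately not part of the rule: the owner granted
    the resource class once, for any site acting as them or as someone else.
    """
    if token.expired or resource_class not in token.scopes:
        return False
    policy = user_policies.get(owner, {}).get(resource_class)
    if policy is None:
        return False  # no standing policy: deny, never assume consent
    allowed = policy.owner_actions if token.subject == owner else policy.others_actions
    return action in allowed


def scopes_needing_consent(user_policies, subject, requested_scopes):
    """Scopes a new client asks for that the user has no standing policy for.

    Only these need a consent screen; the rest are granted without showing one.
    """
    known = user_policies.get(subject, {})
    return frozenset(s for s in requested_scopes if s not in known)


def sample_decisions():
    """Run the constructed scenarios and return the decisions by name."""
    alice_on_tadalist = Token("alice", "tadalist", frozenset({"photos", "contacts"}))
    bob_on_photoblog = Token("bob", "photoblog", frozenset({"photos", "contacts"}))
    narrow = Token("alice", "tadalist", frozenset({"contacts"}))
    stale = Token("alice", "tadalist", frozenset({"photos"}), expired=True)
    return {
        "owner_reads_photos": decide(USER_POLICIES, "alice", "photos", alice_on_tadalist, READ),
        "owner_writes_photos": decide(USER_POLICIES, "alice", "photos", alice_on_tadalist, WRITE),
        "other_reads_photos": decide(USER_POLICIES, "alice", "photos", bob_on_photoblog, READ),
        "other_writes_photos": decide(USER_POLICIES, "alice", "photos", bob_on_photoblog, WRITE),
        "owner_reads_contacts": decide(USER_POLICIES, "alice", "contacts", alice_on_tadalist, READ),
        "other_reads_contacts": decide(USER_POLICIES, "alice", "contacts", bob_on_photoblog, READ),
        "scope_missing": decide(USER_POLICIES, "alice", "photos", narrow, READ),
        "expired_token": decide(USER_POLICIES, "alice", "photos", stale, READ),
        "no_policy_class": decide(USER_POLICIES, "alice", "calendar",
                                  Token("alice", "tadalist", frozenset({"calendar"})), READ),
    }


if __name__ == "__main__":
    for name, allowed in sample_decisions().items():
        print(f"{name:22s} -> {'allow' if allowed else 'deny'}")
    print("consent needed for:", sorted(scopes_needing_consent(USER_POLICIES, "alice", {"photos", "calendar"})))
```

The two checks that keep this from being merely convenient are the ones a sloppy implementation drops: the token's scope is checked before the policy is consulted, so a site holding a contacts-only token cannot touch photos even though Alice's photo policy is permissive, and a resource class with no standing policy is denied rather than silently treated as granted.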