The REST API uses standard OAuth authentication to allow applications to safely access the Netflix service on a subscriber’s behalf without requesting his user name or password. A simpler subset of OAuth can be used to access REST API resources that do not require subscriber authorization, such as the catalog.

At the time, it wasn’t necessarily clear what this meant, or where we would see OAuth get used.

A few months later, it’s clear that OAuth is under the hood in “activation” transactions on the TiVo, the Xbox and the Samsung Blu-ray player.

And today, in David Pogue’s NYTimes column announcing the winners of the fourth annual Pogie Awards, Netflix’s innovative service was given top billing:

NETFLIX AS A SOFTWARE FEATURE “There’s a reason we didn’t call the company ‘DVDs by Mail,’ ” Netflix’s chief executive, Reed Hastings, often says. And sure enough: no DVDs are involved in Netflix’s latest assault on the American home theater. With Netflix Instant Viewing, there are no time limits, no copy protection, no waiting for movie files to download; the movie simply streams from the Internet as you watch.

You’re not billed by the movie; in fact, you’re not billed at all. Unlimited streaming movies are free with any DVD-by-mail plan over $9.

Originally, you had to watch on your computer (Windows, and now Mac). But who wants to watch movies sitting at a desk?

Bit by bit, Netflix has been bringing this feature to your TV by cleverly piggybacking on other companies’ set-top boxes. Netflix Instant Viewing is now a feature of the TiVo, XBox 360, and Blu-ray players from LG and Samsung. Or you can get Roku’s $100 Netflix Player box, which does the job beautifully all by itself.

The 12,000 available movies generally aren’t recent ones. But there’s a lot to be said for instant gratification, especially when it’s free.

It’s worth recognizing that this experience was crafted using open technologies like OAuth and ATOM. And for the end user, the experience is as seamless and smooth as one would hope, or more likely, expect.

Cheers, Netflix!

In an effort to make it easier to debug your OAuth calls — and interact with Google’s OAuth-protected resources — Google Data APIs engineer Eric Bidelman released the OAuth Playground today along with a comprehensive article on using OAuth with the GData APIs.

Along with the article and playground, Google now supports HMAC-SHA1 signing.