[CODE4LIB] Position Announcement: Sandia National Laboratories - Technical Library Applications Integration Support

2010-09-20 Thread Ou, Carol
Job Description The Sandia National Laboratories Information Management Solutions organization is seeking an innovative, highly motivated, energetic and forward-thinking Computer Scientist to provide support for its Technical Library applications. The selected candidate will work closely with

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread j.g. pawletko
Hello Ross, I haven't implemented OAuth, and you may have already read this, but if not: ArsTechnica wrote a critique of the Twitter OAuth implementation that may be of interest. You can find that article here: http://bit.ly/c88aa7 Best- Joe On 9/20/10 1:54 PM, Ross Singer

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread MJ Ray
j.g. pawletko wrote: I haven't implemented OAuth, and you may have already read this, but if not: ArsTechnica wrote a critique of the Twitter OAuth implementation that may be of interest. You can find that article here: http://bit.ly/c88aa7 The co-op has been working on OAuth recently,

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread Jonathan Rochkind
Can you give some details (or references) to justify the belief that OAuth isn't ready yet? (The fact that Twitter implemented it poorly does not seem apropos to me, that's just a critique of Twitter, right?). I don't agree or disagree, just trying to take this from fud-ish rumor to facts to

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread Ross Singer
On Mon, Sep 20, 2010 at 4:01 PM, Jonathan Rochkind rochk...@jhu.edu wrote: Can you give some details (or references) to justify the belief that OAuth isn't ready yet? (The fact that Twitter implemented it poorly does not seem apropos to me, that's just a critique of Twitter, right?). I don't

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread MJ Ray
Jonathan Rochkind wrote: Can you give some details (or references) to justify the belief that OAuth isn't ready yet? (The fact that Twitter implemented it poorly does not seem apropos to me, that's just a critique of Twitter, right?). I don't agree or disagree, just trying to take this

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread Jonathan Rochkind
Well, if you want to distribute an application to users that will enable them to log in to _their own personal information_, without them ever having to enter credentials in a workflow started by that application, that's not going to happen, cause it's kind of impossible. But if you just want

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread MJ Ray
Ross Singer wrote: Agreed on this assessment, Jonathan. MJ, can you extrapolate on your concerns, because that Ars Technica article is not going to cut it for anything more than to avoid the choices that Twitter made. I've just sent another message trying to do that. Hope it helps. And

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread Nate Vack
On Mon, Sep 20, 2010 at 4:21 PM, MJ Ray m...@phonecoop.coop wrote: I think FOSS servers would be affected by the published-key spoofing flaw too, wouldn't they? They would, but it should be easy(-ish) for each server admin to get their own key, which it can then (hopefully!) keep secret. The

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread MJ Ray
Jonathan Rochkind wrote: [...] But if you just want to publish an OAuth-using client that's not easy to impersonate -- well, it depends on what you mean. Do you mean you want the server to know that the client application, that is distributed to end-users, is The Twitterific Client, in a

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread Jonathan Rochkind
The thing this conversation (and Twitter) is missing, is that the OAuth protocol neither requires nor relies upon each piece of client software having a key of any kind. Twitter wants it to, so it can disable a certain application (distributed and used by many people) if they decide that app

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread Jonathan Rochkind
MJ Ray wrote: What is the use case? http://oauth.net/core/1.0a/ claimed OAuth creates a freely-implementable and generic methodology for API authentication. Shouldn't we expect generic authentication to include authenticating both peers? OAuth, as I understand it, is about confirming that

[CODE4LIB] Security frameworks

2010-09-20 Thread stuart yeates
I don't know much about security. From the looks of the discussions here I'm not sure I want to. What I do know is that I can put stuff behind httpd's authentication modules and outsource that complexity to people who appear to know what they're talking about. Is there a way I can use OAuth

Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread Ross Singer
On Mon, Sep 20, 2010 at 5:21 PM, MJ Ray m...@phonecoop.coop wrote: Ross Singer wrote: Agreed on this assessment, Jonathan. MJ, can you extrapolate on your concerns, because that Ars Technica article is not going to cut it for anything more than to avoid the choices that Twitter made. I've