On Sat, Feb 21, 2009 at 4:54 AM, Chris Messina <[email protected]>wrote:
> I uploaded two sets of screenshots today demonstrating an OAuth-like flow > on the desktop and on the iPhone: > iPhone: Flickit to Flickr > > http://wiki.oauth.net/Flickit-to-Flickr > > Desktop: iPhoto to Flickr > > http://wiki.oauth.net/Flickit-to-Flickr > I guess you wanted to link to http://wiki.oauth.net/iPhoto-to-Flickr Would be happy to have a discussion about these current examples, especially > in light of some of the recent feedback from Twitter devs [1][2]. > So I am wondering in the iPhone case how I can be sure that I am really at yahoo and not somewhere else. I don't see any URL, whether it's SSL or not etc. and even if I would this application could of course fake this as well (which I guess is also the point in [1]). So I agree with [1] that a better way would be something inside the OS to provide that but that this of course also might not happen (or at least soon). I also see this more as a problem for e.g. the iPhone where you usually need to close the application in order to jump to safari. This is not such a problem on the desktop and (as you demonstrate) has been done for quite a while with flickr. I also agree with [2] that authenticating for multiple services might make this whole process a bit annoying. We might also face this issue in the proposed MMOX IETF working group[3] if we go with OAuth and in order to connect to a world you might first need to authorize various services (profile, inventory, contacts, IM, ...). -- Christian [3] http://trac.tools.ietf.org/bof/trac/wiki/MmoxCharter > Chris > > [1] http://blog.atebits.com/2009/02/fixing-oauth/ > [2] https://twitter.pbwiki.com/oauth-desktop-discussion > > -- > Chris Messina > Citizen-Participant & > Open Web Advocate-at-Large > > factoryjoe.com # diso-project.org > citizenagency.com # vidoop.com > This email is: [ ] bloggable [X] ask first [ ] private > > > > -- Christian Scholz http://mrtopf.de/blog New Podcast: http://datawithoutborders.net --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
