[twitter-dev] Re: Authorizing for partial control

2010-09-21 Thread Papa.Coen
Of course, Twitter is not a secure means of communication. You know
that, I know that. How about the majority of Twitter users? I think
you could imagine the personal harm you could get from insulting
tweets, spamming on your behalf or even setting pornographic images as
your avatar. People are getting sued/prosecuted/fired/apprehended even
here in the Netherlands for the tweets they post.
Rediculous.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


Re: [twitter-dev] Re: Authorizing for partial control

2010-09-21 Thread M. Edward (Ed) Borasky

Yes, that's why one does the right thing *and* has an attorney. ;-)

--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

A mathematician is a device for turning coffee into theorems. - Paul Erdos


Quoting Papa.Coen papa.c...@gmail.com:


Of course, Twitter is not a secure means of communication. You know
that, I know that. How about the majority of Twitter users? I think
you could imagine the personal harm you could get from insulting
tweets, spamming on your behalf or even setting pornographic images as
your avatar. People are getting sued/prosecuted/fired/apprehended even
here in the Netherlands for the tweets they post.
Rediculous.

--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:   
http://groups.google.com/group/twitter-development-talk?hl=en






--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] Re: Authorizing for partial control

2010-09-20 Thread @IDisposable
 - The possibility to ask for (by the app) and grant (by the user) a
 more fine grained level of authorization (more than just read/write
 only)

Totally agreed!.  Specifically, I want:

1) One time tweet WRITE
2) Ongoing tweet WRITE
3) Non-public READ
3) Non-DM READ
4) Full READ
5) Profile and Settings WRITE

I should be able to ask for any combination as a developer, and as a
client/end-user I should be able to revoke or refuse ANY of them while
still allowing access.  Thus if someone codes an application that
wants to read all my tweets and send a solicit message, as an end-user
I should be able to allow the read access but deny the tweet writes.

Yes, this would complexify (wee) the UI, but it would enable people to
avoid the Twitter-worms that annoy us so much.

Marc

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


Re: [twitter-dev] Re: Authorizing for partial control

2010-09-20 Thread Abraham Williams
Any models consisting of more then three levels of permission is too
complicated. Read, write, and delete are the levels of permission in their
most pure form. Delete is important because otherwise every single
application that just needs to post a tweet can delete *all* of you data
with a few simple scripts.

On a side note Twitter is not a secure communication medium and should not
be used for sensitive communication.

Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Mon, Sep 20, 2010 at 11:56, @IDisposable idisposa...@gmail.com wrote:

  - The possibility to ask for (by the app) and grant (by the user) a
  more fine grained level of authorization (more than just read/write
  only)

 Totally agreed!.  Specifically, I want:

 1) One time tweet WRITE
 2) Ongoing tweet WRITE
 3) Non-public READ
 3) Non-DM READ
 4) Full READ
 5) Profile and Settings WRITE

 I should be able to ask for any combination as a developer, and as a
 client/end-user I should be able to revoke or refuse ANY of them while
 still allowing access.  Thus if someone codes an application that
 wants to read all my tweets and send a solicit message, as an end-user
 I should be able to allow the read access but deny the tweet writes.

 Yes, this would complexify (wee) the UI, but it would enable people to
 avoid the Twitter-worms that annoy us so much.

 Marc

 --
 Twitter developer documentation and resources: http://dev.twitter.com/doc
 API updates via Twitter: http://twitter.com/twitterapi
 Issues/Enhancements Tracker:
 http://code.google.com/p/twitter-api/issues/list
 Change your membership to this group:
 http://groups.google.com/group/twitter-development-talk?hl=en


-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


Re: [twitter-dev] Re: Authorizing for partial control

2010-09-20 Thread Scott Wilcox
Agreed completely. I understand why people want scope for permissions ala 
Facebook, but I quite like the way Twitter is.

The whole big issue here is that people seem to think DM's are a sacred medium 
for secure communication when that simply isn't the case. A DM is just a normal 
tweet directed at one person.

/2p

Scott.

On 20 Sep 2010, at 20:17, Abraham Williams wrote:

 Any models consisting of more then three levels of permission is too 
 complicated. Read, write, and delete are the levels of permission in their 
 most pure form. Delete is important because otherwise every single 
 application that just needs to post a tweet can delete *all* of you data with 
 a few simple scripts.
 
 On a side note Twitter is not a secure communication medium and should not be 
 used for sensitive communication.
 
 Abraham
 -
 Abraham Williams | Hacker Advocate | http://abrah.am
 @abraham | http://projects.abrah.am | http://blog.abrah.am
 This email is: [ ] shareable [x] ask first [ ] private.
 
 
 On Mon, Sep 20, 2010 at 11:56, @IDisposable idisposa...@gmail.com wrote:
  - The possibility to ask for (by the app) and grant (by the user) a
  more fine grained level of authorization (more than just read/write
  only)
 
 Totally agreed!.  Specifically, I want:
 
 1) One time tweet WRITE
 2) Ongoing tweet WRITE
 3) Non-public READ
 3) Non-DM READ
 4) Full READ
 5) Profile and Settings WRITE
 
 I should be able to ask for any combination as a developer, and as a
 client/end-user I should be able to revoke or refuse ANY of them while
 still allowing access.  Thus if someone codes an application that
 wants to read all my tweets and send a solicit message, as an end-user
 I should be able to allow the read access but deny the tweet writes.
 
 Yes, this would complexify (wee) the UI, but it would enable people to
 avoid the Twitter-worms that annoy us so much.
 
 Marc

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en