A number of older threads for reference:
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/5994f3237bbb6876/
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/85dbaef35d68fc9e/
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/629b03475a3d78a1/
<http://groups.google.com/group/twitter-development-talk/browse_thread/thread/629b03475a3d78a1/>
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/8bb09eb7b045b4d8/
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/d50090ad677bdb52/
<http://groups.google.com/group/twitter-development-talk/browse_thread/thread/8bb09eb7b045b4d8/>

On Mon, Oct 12, 2009 at 15:00, Duane Roelands <duane.roela...@gmail.com>wrote:

>
> Please do NOT adopt anything like the Facebook model.  Facebook
> authentication for desktop applications is a nightmare.  You have to
> programatically interact with the browser and it's an enormous hassle.
>
> I think that the OAuth flow for desktop applications is fine as-is.
> Mobile apps need some love, no question, but for desktop apps, I don't
> think anything is all that broken.
>
> On Oct 12, 3:38 pm, Isaiah <supp...@yourhead.com> wrote:
> > > 1. What can be improved about the web workflow?
> >
> > I'll leave this one for the web dudes.
> >
> > > 2. What can be improved about the desktop workflow?
> >
> > The UX:  it's currently very complicated for the user.  Much more more
> > complicated than basic auth.  Users are unaccustomed to it.  Novelty
> > isn't a bonus during authorization.
> >
> > The browser:  drop-kicking the user to another app seems egregious.
> > Make it so that this is unnecessary and the UX problem is nearly solved.
> >
> > The assumption:  there seems to be an assumption that twitter clients
> > are *not* trusted and the web browser *is* trusted.  But the reality
> > is that all of the phishing, scams, and untrusted things that I'm
> > bombarded with daily come in the browser.  Please help me to resolve
> > this paradox.
> >
> > > 3. What other models of distributed auth do you think we could learn
> > > from and what specifically about them?
> >
> > All of the clients for everything that needs authorization on my
> > desktop use a basic-auth-like model:  email, ftp, backup services,
> > picture sharing, blogging, well, you get the idea.  I'm not saying
> > it's right or wrong, but that is the way it is.
> > I want my app to be part of that ecosystem and not stand out like a
> > sore thumb.
> >
> > Make matching the user experience of other desktop apps your goal.  If
> > you can't achieve that goal, then maybe OAuth isn't ready for the
> > desktop.  Or perhaps it's more apt to say that the desktop is not
> > ready for OAuth.
> >
> > If you say, "it's really no big deal to add this one step," then
> > stop.  It **is** a big deal.  Every step added is **really** big
> > deal.  Really.
> >
> > > 4. What could we improve around the materials for integrating OAuth
> > > into your application?
> >
> > It's not all the complicated to implement.  There's a lot of open
> > source on web in a multitude of languages.
> > If you have manpower to throw around, please work on the UX first.  ;-)
> >
> > I'd be happy to contribute to any open source project that helps to
> > achieve this.  Count me in.
> >
> > Isaiah
>



-- 
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
http://web608.org/geeks/abraham/blogs/2009/10/03/win-google-wave-invite
This email is: [ ] blogable [x] ask first [ ] private.

Reply via email to