> Another hunch: desktop apps are negligible and the real load comes
> from web apps who spider asynchronously 24/7. Should the load be
> differentiated across client and web apps? Client apps are typically
> only one user per device at a time, whereas the web app may be
> spidering on behalf of who knows how many people.

The problem here is distinguishing the two. OAuth doesn't (and I was
told this by one of the people on the OAuth committee) specifically
allow you to unambiguously and securely identify an application just
because it has a certain app key, and Twitter's Basic Auth implementation
uses source keys pretty much purely cosmetically.

------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- BOND THEME NOW PLAYING: "Die Another Day" ----------------------------------

Reply via email to