> Another hunch: desktop apps are negligible and the real load comes > from web apps who spider asynchronously 24/7. Should the load be > differentiated across client and web apps? Client apps are typically > only one user per device at a time, whereas the web app may be > spidering on behalf of who knows how many people.
The problem here is distinguishing the two. OAuth doesn't (and I was told this by one of the people on the OAuth committee) specifically allow you to unambiguously and securely identify an application just because it has a certain app key, and Twitter's Basic Auth implementation uses source keys pretty much purely cosmetically. -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- BOND THEME NOW PLAYING: "Die Another Day" ----------------------------------