> I wonder if Twitter could provide developers with a URL for
> dynamically generating additional consumer tokens for their
> applications. When the user installs a new application it will contact
> the developer's server to download its own consumer key/secret. The
> developer's server will use its "master" consumer key/secret to post
> to the Twitter URL to fetch a new consumer key/secret. The consumer
> pair will then be sent to the application via a secure channel
> (HTTPS?) to prevent man-in-the-middle attacks. The application will
> then use this new consumer pair to perform all signing of requests.
> Another option is to package the dynamically generated consumer pair
> in the application download package. Each new download will have its
> own unique consumer pair ready for use once the user has downloaded
> the application.

I like those ideas. They match up maintaining a consistent application
identity with better key security. The first one seems more workable.

-- 
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- I couldn't care less about apathy. -----------------------------------------
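
The first proposal in the quoted message, sketched as an added example that is not part of the original thread and not any real Twitter API: the `Provider` class, its `issue_child` endpoint, the application name and the request base string are all hypothetical, and signing uses a simplified OAuth 1.0a style HMAC-SHA1. It shows that each install signs with its own consumer pair while the provider still attributes requests to one application.

```python
import base64, hashlib, hmac, secrets

class Provider:
    """Stand-in for the service; the key-issuing endpoint is hypothetical."""
    def __init__(self):
        self.masters = {}   # master consumer key -> (secret, application name)
        self.children = {}  # per-install consumer key -> (secret, master key)

    def register_app(self, name):
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.masters[key] = (secret, name)
        return key, secret

    def issue_child(self, master_key, master_secret):
        # Only the holder of the master secret may mint per-install pairs.
        stored = self.masters.get(master_key)
        if stored is None or not hmac.compare_digest(stored[0], master_secret):
            raise PermissionError("bad master credentials")
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.children[key] = (secret, master_key)
        return key, secret

    def verify(self, consumer_key, base_string, signature):
        # Returns the application the request is attributed to, or None.
        entry = self.children.get(consumer_key)
        if entry is None:
            return None
        secret, master_key = entry
        if not hmac.compare_digest(sign(secret, base_string), signature):
            return None
        return self.masters[master_key][1]

def sign(consumer_secret, base_string, token_secret=""):
    # HMAC-SHA1 keyed with "consumer_secret&token_secret", as in OAuth 1.0a.
    key = f"{consumer_secret}&{token_secret}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def demo():
    provider = Provider()
    master = provider.register_app("ExampleClient")  # stays on the developer's server
    install_a = provider.issue_child(*master)         # delivered to install A over HTTPS
    install_b = provider.issue_child(*master)         # delivered to install B over HTTPS
    base = "POST&https%3A%2F%2Fapi.example.invalid%2Fupdate&status%3Dhello"  # constructed
    sig_a = sign(install_a[1], base)
    return {
        "a_valid": provider.verify(install_a[0], base, sig_a),
        "a_sig_under_b_key": provider.verify(install_b[0], base, sig_a),
        "distinct_secrets": install_a[1] != install_b[1],
    }
```
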
