this is an interesting idea -- what twitter could do is keep "key
hierarchies" mapping a master consumer key to subsidiary consumer keys...?

On Sun, Jan 31, 2010 at 8:04 AM, Josh Roesslein <>wrote:

> I wonder if Twitter could provide developers with an URL for
> dynamically generating additional consumer tokens for their
> applications. When the user installs a new application it will contact
> the developer's server to download its own consumer key/secret. The
> developer's server will use its "master" consumer key/secret to post
> to the Twitter URL to fetch a new consumer key/secret. The consumer
> pair will then be sent to the application via a secure channel
> (HTTPS?) to prevent man in the middle attacks. The application will
> then use this new consumer pair to perform all signing of requests.
> Another option is to package the dynamically generated consumer pair
> in the application download package. Each new download will have its
> own unique consumer pair ready for use once the user has downloaded
> the application.
> This still requires the developer maintain a server to perform the
> consumer pair generation, but it does keep the "master" pair secure
> and each application gets its own pair. But applications that are
> willing to make this trade off can keep the UX good, control what
> application instances can authorize on the application's behalf, and
> the "master" pair is never shared. You can always still distribute the
> "master" pair with each application if these security gains are not
> that important to you. Or you can require your users to generate their
> own consumer pair if UX is not much of an issue (example: distributed
> server applications) where an advance users is at the wheel and won't
> have issues figuring this out.
> Josh

Raffi Krikorian
Twitter Platform Team

Reply via email to