> Leveling the playing field is "elephant in the room" easy:
> 
> Immediately ignore the source parameter on all Basic Auth calls. Right
> now. It's a 5-second coding job.

Twitter has announced plans (see @ev's announcement in Dec.) to do almost 
exactly that come June.  Not quite instant gratification, but June is sooner 
than you think.

But two big questions remain:

1.  Will Twitter add OAuth additions that allow for alternative credential 
exchange?  (in plain English:  username/password on desktop) Raffi has hinted 
at this previously (source: details ), but few details have emerged.


2.  Will Twitter overlook less-than-perfect implementations that improve UX?  
(i.e. screen scraping the PIN, internal browsers, etc.)  So far these practices 
seem to be flying under the radar in a few clients, but will that change when 
the big guys enter the game?


We'll know the answers in June.  It should be fun to watch and make for some 
lively forum threads.  Bring popcorn and stand clear of the flames.  ;-)


isaiah
http://twitter.com/isaiah

Reply via email to