> Leveling the playing field is "elephant in the room" easy: > > Immediately ignore the source parameter on all Basic Auth calls. Right > now. It's a 5-second coding job.
Twitter has announced plans (see @ev's announcement in Dec.) to do almost exactly that come June. Not quite instant gratification, but June is sooner than you think. But two big questions remain: 1. Will Twitter add OAuth additions that allow for alternative credential exchange? (in plain English: username/password on desktop) Raffi has hinted at this previously (source: details ), but few details have emerged. 2. Will Twitter overlook less-than-perfect implementations that improve UX? (i.e. screen scraping the PIN, internal browsers, etc.) So far these practices seem to be flying under the radar in a few clients, but will that change when the big guys enter the game? We'll know the answers in June. It should be fun to watch and make for some lively forum threads. Bring popcorn and stand clear of the flames. ;-) isaiah http://twitter.com/isaiah
