On 9/1/2010 7:47 PM, Julio Biason wrote:

OAuth certainly makes sense as a model for "never type your password
in some weird site 'cause you don't know when they say that they
couldn't connect to Twitter is really that or they are just storing
your login and password to abuse the ecosystem". The whole problem
with it is the revocation of keys when it's believed that the app is
not behaving properly because one single point abuses it. In that
case, the point should be blocked, not the application itself.

Now on that point I can agree, and the revocation model should give application designers the chance to prove that they deserve the benefit of the doubt. How you do that while letting Twitter run a secure system is the problem. In terms of Open Source applications perhaps some sort of "verification" process for applications to submit their source code (not an approval process per se). Verified apps would be given the benefit of the doubt and the individual users would be shut down (or at least the authentications for those individual users).

Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list