Sunday at 7:30 pm
- louisgray.com
Twitter should adopt something like Friendfeed's remote key as a short-term solution. Of course, it's not as complete as OAuth, but it's simple enough to implement and does the job. - fbrunel
It was Twitter's simplicity, a large infusion of cash to make it stable, and then the hyper multi-media play (CNN, etc.) that increased activity on the service many called 'dead' last year at this time. There are lessons to be learned here. Once a product reaches a very high level of users, there will always be security concerns along the way - Charlie Anzman
OAuth is over-complicated. You could do the same thing by validating specific domains to use your existing credentials. Twitter already does this when throttling apps to 100 requests per hour per IP address. Only realized this today when I got throttled. - Dave Winer
OAuth is designed to let you choose what permissions you give to which domains, so you need per-user, per-domain tokens. It's also designed to be revocable - Kevin Marks
Kevin, exactly the same can be done using domains w/o the complexity for apps. - Dave Winer
