ENTRIES TAGGED "oauth"

Twitter kills the password anti-pattern, but at what cost?

Assertion and delegation of identity can now be easy or safe. But we need both.

It's good to see Twitter driving a stake into the heart of the password anti-pattern. But the Twitter ecosystem wouldn't exist if it hadn't been possible to sketch ideas, and to explore the unanticipated uses that can emerge from the soup of active ingredients that the web has become.

What's going on with OAuth?

WRAP attempts to simplify the OAuth protocol, primarily by dropping the signatures and replacing them with a requirement to acquire short-lived tokens over SSL. It is not an even trade-off, and the new proposal has a different set of security characteristics, benefits, and shortcomings.

Up Close with an Enigma

At last month's RSA conference in San Francisco, I stumbled upon a vintage 1944 model of the German cryptographic machine, popularly known as the Enigma. This particular machine was owned by the National Cryptologic Museum, and was part of a larger booth hosted by the National Security Agency. The staff at the exhibit were quite friendly and it didn't take…

Portable Contacts API Starts to Get Real

This evening Joseph and John of Plaxo and I have been hosting a hackathon at Six Apart for the Portable Contacts API (video about PorC). The Portable Contacts API is designed "to make it easier for developers to give their users a secure way to access the address books and friends lists they have built up all over the…

MySpace's Data Availability is not Data Portability

Yesterday MySpace, Yahoo!, eBay, Photobucket (also owned by News Corp), and Twitter announced the Data Availability Initiative. While I could write at length about how this shows the big companies have already realized how to diminish the DataPortability group's brand by linking anything they do "data portability," that isn't the point of this post. The crux of the announcement yesterday…

Building Better Silos

It's been good to watch the use of OpenID spread. It's great to see that ma.gnolia.com has dropped "traditional login" in favor of OpenID. And I was encouraged to read about Yahoo's support of OpenID. Granted, it took me a while to get around to trying it. But when I got around to trying it, Yahoo!ID was a disappointment. The…
