- From: David Larlet <larlet@gmail.com>
- Date: Sun, 25 Jan 2009 00:46:30 +0100
- To: public-social-web-talk@w3.org

On 24 Jan 09, at 18:35, Karl Dubost wrote:

> About Twitter and OAuth (the article is long but it contains
> interesting bits for this group)
>
> On Thu, 01 Jan 1970 00:00:00 GMT
> In Why Twitter's New Security Solution Could Pave the Way to a
> Future Web of Mashups - ReadWriteWeb
> At http://www.readwriteweb.com/archives/why_twitters_new_oauth_matters.php

There are a lot of false assertions in this article (see Stuart Dallas' comments); the worst part is comparing OpenID to OAuth although they are complementary! Furthermore, OAuth does not improve security (nor trust) at all; it just allows fine-grained access to resources/data. Nothing more. Of course, if you restrict access to the password resource it does improve "security" (the third-party app can't change your password anymore), but certainly not as the miracle solution proposed in this article.

Interesting posts on that topic:

http://factoryjoe.com/blog/2009/01/02/twitter-and-the-password-anti-pattern/
http://blog.joncrosby.me/post/68470033/oauth-phishing-and-twitter

Best regards,
David Larlet

Received on Sunday, 25 January 2009 08:03:41 UTC