Comments on: Twitter to Implement OAuth as Future Authentication Method http://microblink.com/2009/01/05/twitter-to-implement-oauth-as-future-authentication-method/ Microblogging News and Reviews for Platforms, Tools and Services Sat, 20 Mar 2010 14:44:15 -0700 http://wordpress.org/?v=2.8.6 hourly 1 By: Mark Bockenstedt http://microblink.com/2009/01/05/twitter-to-implement-oauth-as-future-authentication-method/#comment-630 Mark Bockenstedt Sat, 10 Jan 2009 19:18:15 +0000 http://microblink.com/?p=2106#comment-630 <b>@Chris</b> Sounds great, I'll be sure to check it out. Thanks for sharing. @Chris

Sounds great, I’ll be sure to check it out. Thanks for sharing.

]]> By: Chris Messina http://microblink.com/2009/01/05/twitter-to-implement-oauth-as-future-authentication-method/#comment-629 Chris Messina Sat, 10 Jan 2009 19:09:50 +0000 http://microblink.com/?p=2106#comment-629 You might be interested in the podcast that Larry Halff (Ma.gnolia) and I did with Alex Payne on Twitter, security, phishing and OAuth the other day: http://tr.im/cg_10 You might be interested in the podcast that Larry Halff (Ma.gnolia) and I did with Alex Payne on Twitter, security, phishing and OAuth the other day:

http://tr.im/cg_10

]]> By: StevieB’s Shared Items - January 6, 2009 at Lost in Cyberspace http://microblink.com/2009/01/05/twitter-to-implement-oauth-as-future-authentication-method/#comment-592 StevieB’s Shared Items - January 6, 2009 at Lost in Cyberspace Tue, 06 Jan 2009 11:02:45 +0000 http://microblink.com/?p=2106#comment-592 [...] Twitter to Implement OAuth as Future Authentication MethodJanuary 5, 2009 [...] [...] Twitter to Implement OAuth as Future Authentication MethodJanuary 5, 2009 [...]

]]> By: Andy Brudtkuhl http://microblink.com/2009/01/05/twitter-to-implement-oauth-as-future-authentication-method/#comment-590 Andy Brudtkuhl Tue, 06 Jan 2009 05:01:23 +0000 http://microblink.com/?p=2106#comment-590 That clears it all up! That smells like a full on blog post :) That clears it all up! That smells like a full on blog post :)

]]> By: Mark Bockenstedt http://microblink.com/2009/01/05/twitter-to-implement-oauth-as-future-authentication-method/#comment-589 Mark Bockenstedt Tue, 06 Jan 2009 03:07:42 +0000 http://microblink.com/?p=2106#comment-589 Andy I agree that OpenID is more widely known than OAuth is since big names like AOL, Flickr, MySpace, and Yahoo have adopted it. OAuth benefits over standard authentication (username/password combo) in the fact that it's a standardized, secure way to authenticate against an API. I think Mashable put it best when they said: "OpenID solves the problem of having far too many usernames and passwords to remember. OAuth solves the problem of how to share information between sites without giving your password from one site to another." The importance of OAuth is that it's standardized. There are no standards regarding safely storing or transmitting passwords - you could encrypt it, hash it, etc but there's nothing telling you what you must do. It's also really good at safely sharing information between sites and services, which is why it's an excellent fit for this scenario. There's a good example describing the process for both methods <a href="http://cakebaker.42dh.com/2008/04/01/openid-versus-oauth-from-the-users-perspective/" rel="nofollow">here</a>. There's a complicated workflow for OAuth on how access is requested and granted <a href="http://oauth.net/core/1.0/#anchor9" rel="nofollow">here</a>. Andy
I agree that OpenID is more widely known than OAuth is since big names like AOL, Flickr, MySpace, and Yahoo have adopted it. OAuth benefits over standard authentication (username/password combo) in the fact that it’s a standardized, secure way to authenticate against an API. I think Mashable put it best when they said:

“OpenID solves the problem of having far too many usernames and passwords to remember. OAuth solves the problem of how to share information between sites without giving your password from one site to another.”

The importance of OAuth is that it’s standardized. There are no standards regarding safely storing or transmitting passwords – you could encrypt it, hash it, etc but there’s nothing telling you what you must do. It’s also really good at safely sharing information between sites and services, which is why it’s an excellent fit for this scenario. There’s a good example describing the process for both methods here. There’s a complicated workflow for OAuth on how access is requested and granted here.

]]> By: Andy Brudtkuhl http://microblink.com/2009/01/05/twitter-to-implement-oauth-as-future-authentication-method/#comment-587 Andy Brudtkuhl Mon, 05 Jan 2009 21:35:57 +0000 http://microblink.com/?p=2106#comment-587 How is oAuth more secure than the current authorization system? Also - what's the benefit of oAuth over OpenID? Seems OpenId has been more widely adopted... How is oAuth more secure than the current authorization system? Also – what’s the benefit of oAuth over OpenID? Seems OpenId has been more widely adopted…

]]>