oauth
Last Friday was a hot day in Sebastopol, California. Eran Hammer-Lahav rolled into town hours after finding out that there was a security hole in his pet project for the last few months, a new way to use Twitter to log in to third party sites using the OAuth protocol instead of user names and passwords. Working as the Open Web Evangelist at Yahoo, Hammer-Lahav was relieved to have been told about the hole so he could help fix it. When he arrived in Sebastopol at a small event of industry leaders called Social Web FOO Camp, he talked with friends and colleagues about it. At some point in conversation Hammer-Lahav realized that the problem went far beyond the Twitter implementation. The OAuth protocol had an inherent vulnerability; big companies like Google, Netflix and Yahoo had implemented OAuth and scores of tiny startups had too.
flows, depending on the user's current state: Signed in to twitter.com: When ... in to twitter.com: This will open the Intent box and prompt the user to sign in to twitter ... The Follow Button is a small widget which allows users to easily follow a Twitter account from any webpage. ... signed by both you and Twitter. You may not assign any of the rights or obligations granted hereunder, ... Last Update - 1st of June 2011 Rules of the Road Twitter maintains an open ... flowing through Twitter.
The open-standard user authentication protocol OAuth has now been implemented across all Google Data APIs, quickly offering this young standard for easy mashups more market validation than it's ever had before. Eight months ago we wrote about the launch of OAuth 1.0, asking if the standard would lead to a flood of mashups across the web. A standard method of authenticating users across different services means that mashup builders need only write one authentication process, then apply it to all data sources that support the standard. That's hot, and it's now spreading faster around the web than we thought. We discuss what this means for users below.