{"id":519,"date":"2008-11-13T14:26:48","date_gmt":"2008-11-13T13:26:48","guid":{"rendered":"http:\/\/www.jurecuhalev.com\/blog\/?p=519"},"modified":"2008-11-13T14:26:48","modified_gmt":"2008-11-13T13:26:48","slug":"twitterank-and-the-perceived-need-for-oauth","status":"publish","type":"post","link":"https:\/\/www.jurecuhalev.com\/blog\/twitterank-and-the-perceived-need-for-oauth\/","title":{"rendered":"Twitterank and the perceived need for OAuth"},"content":{"rendered":"<p>In the last few days, there have been a number of stories about Twitterank and the way it asks you for your <a class=\"zem_slink\" title=\"Twitter\" rel=\"homepage\" href=\"http:\/\/www.twitter.com\/\">Twitter<\/a> username and password in order to calculate something it calls &#8220;<a class=\"zem_slink\" title=\"PageRank\" rel=\"wikipedia\" href=\"http:\/\/en.wikipedia.org\/wiki\/PageRank\">PageRank<\/a> for Twitter&#8221;.<\/p>\n<p><span class=\"zemanta-img zemanta-action-dragged\" style=\"margin: 1em; float: right; display: block;\"><a href=\"http:\/\/www.flickr.com\/photos\/41864721@N00\/3027201864\/\"><img decoding=\"async\" style=\"border: none; display: block;\" src=\"http:\/\/farm4.static.flickr.com\/3198\/3027201864_4c1400050b_m.jpg\" alt=\"City Under Sky\" \/><\/a><span class=\"zemanta-img-attribution\" style=\"font-size: 0.8em; margin: 1em 0 0; display: block;\">Image by <a href=\"http:\/\/www.flickr.com\/photos\/41864721@N00\/3027201864\/\">ecstaticist<\/a> via Flickr<\/span><\/span><\/p>\n<p>The issue here, as you might have guessed already, is that the service requires you to enter a password and is in this way essentially a <a class=\"zem_slink\" title=\"Phishing\" rel=\"wikipedia\" href=\"http:\/\/en.wikipedia.org\/wiki\/Phishing\">phishing site<\/a>.<\/p>\n<p>As a solution to this problem, everyone in the debate is calling for the use of <a class=\"zem_slink\" title=\"OAuth\" rel=\"wikipedia\" href=\"http:\/\/en.wikipedia.org\/wiki\/OAuth\">OAuth<\/a>, an authentication protocol 
that doesn&#8217;t require one to disclose authentication tokens.<\/p>\n<p>So that&#8217;s what we already know and the industry essentially decided on &#8211; OAuth is good for breaking walled gardens. Yet there&#8217;s another point to this story that I haven&#8217;t seen presented &#8211; <span style=\"font-weight: bold;\">there is no real need for any authentication in this service<\/span>.<\/p>\n<p>Twitter has an excellent API that allows you to see who a (public profile) person follows without any need for authentication. You can either parse microformats on the page or use their API. It&#8217;s even bidirectional, as you can see both &#8220;friends&#8221; and &#8220;followers&#8221; depending on the direction of the connection you are interested in.<\/p>\n<p>Oh, and that &#8220;viral&#8221; tweet that the service allows you to post after you&#8217;ve checked your Twitter rank? You can do it with a piece of JavaScript.<\/p>\n<p><span style=\"font-weight: bold;\">The big point<\/span><\/p>\n<p>So the issue we should be debating here is how to build more services like Twitter that allow you to access information in computer-readable formats using Microformats, <a class=\"zem_slink\" title=\"RDFa\" rel=\"wikipedia\" href=\"http:\/\/en.wikipedia.org\/wiki\/RDFa\">RDFa<\/a> or just a <a class=\"zem_slink\" title=\"Representational State Transfer\" rel=\"wikipedia\" href=\"http:\/\/en.wikipedia.org\/wiki\/Representational_State_Transfer\">RESTful<\/a> API, and not how to authenticate into overly closed gardens.<\/p>\n<fieldset class=\"zemanta-related\">\n<legend class=\"zemanta-related-title\">Related articles by Zemanta<\/legend>\n<ul class=\"zemanta-article-ul\">\n<li class=\"zemanta-article-ul-li\"><a href=\"http:\/\/mashable.com\/2008\/11\/12\/twitterrank\/\">Is Twitterank Ranking Your Popularity Or Stealing Your Password?<\/a><\/li>\n<li class=\"zemanta-article-ul-li\"><a 
href=\"http:\/\/www.cloudave.com\/link\/wake-up-people-more-than-just-your-twitter-password-web-login-security-phishing\">Wake Up People, It&#8217;s More than Just Your Twitter Password<\/a><\/li>\n<li class=\"zemanta-article-ul-li\"><a href=\"http:\/\/regulargeek.com\/2008\/08\/07\/web-application-integration-with-oauth\/\">Web Application Integration With OAuth<\/a><\/li>\n<\/ul>\n<\/fieldset>\n","protected":false},"excerpt":{"rendered":"<p>In the last few days, there have been a number of stories about Twitterank and the way it asks you for your Twitter username and password in order to calculate something it calls &#8220;PageRank for Twitter&#8221;. 
Image by ecstaticist via Flickr The issue here, as you might have guessed already, is that the service requires [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14],"tags":[298,532,530,533,34,531],"class_list":["post-519","post","type-post","status-publish","format-standard","hentry","category-tech","tag-application-programming-interface","tag-authentication","tag-oauth","tag-phishing","tag-twitter","tag-twitterank"],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/posts\/519","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/comments?post=519"}],"version-history":[{"count":1,"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/posts\/519\/revisions"}],"predecessor-version":[{"id":520,"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/posts\/519\/revisions\/520"}],"wp:attachment":[{"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/media?parent=519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/categories?post=519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jurecuhalev.com\/blog\/wp-json\/wp\/v2\/tags?post=519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}