Blogs

Tags > oauth

The Myth of the Private API

By George Reese
September 6, 2013

A little over a week ago, I wrote about how the authentication model for an unpublished Tesla REST API was architecturally flawed because it failed to take basic precautions against the sharing of credentials with third parties common to most REST-based …

Tesla Model S REST API Authentication Flaws

By George Reese
August 27, 2013

As many of you know, APIs matter to me. I have lightbulbs that have APIs. Two months ago, I bought a car that has an API: The Tesla Model S. For the most part, people use the Tesla REST API via the iPhone and …

Twitter kills the password anti-pattern, but at what cost?

By Jon Udell
September 10, 2010

It's good to see Twitter driving a stake into the heart of the password anti-pattern. But the Twitter ecosystem wouldn't exist if it hadn't been possible to sketch ideas, and to explore the unanticipated uses that can emerge from the soup of active ingredients that the web has become.

Get ready to create an Android Twitter app

By Elisabeth Robson
May 4, 2010

If you're interested in learning how to build a Twitter app on your Android phone with Java then you'll want to check out our upcoming online course, Developing Android Applications with Java: Building a Twitter App, and you'll want to watch this screencast so you're ready to go on the first day of class.

What's going on with OAuth?

By David Recordon
January 8, 2010

WRAP attempts to simplify the OAuth protocol, primarily by dropping the signatures, and replacing them with a requirement to acquire short lived tokens over SSL. It is not an even trade-off, and the new proposal has a different set of security characteristics, benefits, and shortcomings.

Up Close with an Enigma

By Ben Lorica
May 8, 2009

At last month's RSA conference in San Francisco, I stumbled upon a vintage 1944 model of the German cryptographic machine, popularly known as the Enigma. This particular machine was owned by the National Cryptologic Museum, and was part of a larger booth hosted by the National Security Agency. The staff at the exhibit were quite friendly and it didn't take...

Portable Contacts API Starts to Get Real

By David Recordon
September 11, 2008

This evening Joseph and John of Plaxo and I have been hosting a hackathon at Six Apart for the Portable Contacts API (video about PorC). The Portable Contacts API is designed "to make it easier for developers to give their users a secure way to access the address books and friends lists they have built up all over the...

MySpace's Data Availability is not Data Portability

By David Recordon
May 9, 2008

Arguably vaporware, yesterday MySpace, Yahoo!, eBay, Photobucket (also owned by News Corp), and Twitter announced the Data Availability Initiative. While I could write at length about how this shows the big companies have already realized how to diminish the DataPortability group's brand by linking anything they do "data portability", that isn't the point of this post. The crux of the...

Building Better Silos

By Mike Loukides
April 10, 2008

It's been good to watch the use of OpenID spread. It's great to see that ma.gnolia.com has dropped "traditional login" in favor of OpenID. And I was encouraged to read about Yahoo's support of OpenID. Granted, it took me a while to get around to trying it. But when I got around to trying it, Yahoo!ID was a disappointment. The...

