If it does have to exist, it should be completely decoupled from, and designed not to be confusable with, authentication of identity.
-
-
-
To elaborate, Y should never be able to ask for access to my data on X & plop a confirmation click-thru in my face...
-
If I wanted to give Y access to some of my data on X, the process should have to be originated by me on site X.
-
I think we're derailing from the point of who owns that data e.g. does your friends' data belong to you or to your friends? One-party or two-party consent?
-
I thought that point was in a different subthread not the one I responded to..?
-
"the reasoning makes more sense in an OAuth context, but they missed something substantial about the multiparty nature of graph data. which is bizarre. because graph data is what they do." was the start of the thread -- that indicated that importance of ownership question > OAuth
-
but anyways, feel free to keep on discussing the OAuth intricacies, it's just less interesting to me than the other subject and I'd appreciate an untag :)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.