Comments on: Identity, relationships and why OAuth and OpenID matter http://derivadow.com/2009/01/08/identity-relationships-and-why-oauth-and-openid-matter/ ...is a blog by Tom Scott a place where I ramble about my thoughts and observations on the open web, linked data, URIs and generally how technology and design can create great things for people to use. Mon, 06 Feb 2012 21:20:16 +0000 hourly 1 http://wordpress.com/ By: Tom Scott http://derivadow.com/2009/01/08/identity-relationships-and-why-oauth-and-openid-matter/#comment-2410 Thu, 08 Jan 2009 21:53:55 +0000 http://derivadow.com/?p=849#comment-2410 Chris, the relationship type stuff came from here: http://itc.conversationsnetwork.org/shows/detail3829.html but it was in fact Bob Blakley not Jamie.

And yes completely agree with your points – my bad – I have confused the situation somewhat by messing up the history. Sorry folks.

]]> By: Chris Messina http://derivadow.com/2009/01/08/identity-relationships-and-why-oauth-and-openid-matter/#comment-2409 Thu, 08 Jan 2009 18:50:07 +0000 http://derivadow.com/?p=849#comment-2409 Great post Tom. I really like the different classes of relationships — do you have a reference where Jamie lays them out?

Also, I want to point out two important points.

1. Twitter was hacked with a dictionary attack against an admin’s account. Not from phishing, and not from a third-party’s database with Twitter credentials.
2. The phishing scam worked because it tricked people into thinking that they received a real email from Twitter.

In both cases, neither OpenID nor OAuth would have prevented the abuse from happening. It’s important that that’s clarified, because, while it’s essential that Twitter support these technologies, it should be made clear that vigilance and strong passwords really were the only things that would have prevented this blow up.

I get what you’re saying and completely agree — but it’s important that we address this situation as it actually happened.

]]>