Discovery discussions tend to be very technical and detail-oriented. I have been looking for ways to explain how the basic elements in my discovery proposals are based on simple concepts taken directly from how humans interact with the unknown. Our brain is nothing but a big pattern-matching machine, and machine discovery works in a very similar way.
The basic idea is that discovery is the combination of three concepts:
Discovery = Patterns + Interfaces + Descriptors Continue reading
What started as a small, simple specification ended up spread over 5 (and counting) documents. Given that these are still moving targets, at least for a little bit longer, it can get very confusing for people trying to follow this work. A few months ago I wrote about the new discovery stack which included XRD, LRDD, and the three links. Since then, the design has changed to include new components and some shuffling of the existing ones. Continue reading
The very nature of WebFinger is experimentation.
This means we are likely to see implementation before a fully baked specification. Since at the moment the various bits and pieces of the protocol are somewhat scattered across multiple drafts, this post will attempt to provide a quick implementer guide for those looking to jump right in and get something working.
There is a pretty good story behind this. That is, how we found and managed the OAuth protocol security threat identified last week. In many ways, the story is much more important and interesting than the actual technical details of the exploit.
For everyone involved, this was a first-of-a-kind experience: managing a specification security hole (as opposed to a software bug) in an open specification, with an open community, and no clear governance model. Where do you even begin?
But right now, I know you want the technical details.
Yesterday Twitter released ‘Sign-in with Twitter’, the ability to use Twitter as a delegated sign-in provider for third-party websites. The cool thing about this new feature, which is part of their OAuth API beta, is that it is completely standard OAuth. No extensions, not secret sauce, and not another proprietary provider (yes, I’m looking at you Facebook).
It is Open done right.
With this small enhancement of the Twitter OAuth API, Twitter created a product that directly competes with Facebook Connect. The implementation details are significantly different (and there are some technical shortcoming on both sides), but there is little you can do with one and not the other. There is no reason why ‘Sign-in with Twitter‘ cannot be used anywhere Facebook Connect is offered, including blog posts and activity streaming.