Social Web Q&A with Google’s Kevin Marks
http://www.techcrunchit.com/2009/02/23/social-web-qa-with-googles-kevin-marks/

I call this the “social cloud,” meaning that “social” will be integrated with the web so that you don’t think about it anymore. Charlene Li calls this same idea “social networks become like air.” The web itself is like this — following links seems like second nature to us because we know a URL can take us anywhere. -- (on OpenSocial and other things)

In this Q&A-style post, Kevin delves into the standards that make up the emerging open social stack (OpenID, OAuth, Portable Contacts, and OpenSocial), looking at the infrastructure problems they address, and exploring some of the live implementations, including Plaxo and Google Friend Connect.

Neat gem that uses Twitter as the login authentication for your app. Interesting idea and makes it one less thing to worry about when building a secured app.

TwitterAuth is a Rails plugin that provides a full external authentication stack for Rails applications utilizing Twitter.

u quickly build a TwitterAuth app for depl

Twitter Demo App

pattern of authentication that allows users to connect their Twitter account with third-party services in as little is one click. It utilizes OAuth and although the flow is very similar, the authorization URL and workflow differs slightly as described below.

Use your twitter account as an openID account to sign-in

adding site sign-in using twitter

Interesting differentiations between OpenID and OAuth ... neither of which I have played with that much. But twitter has recently implemented an OAuth solution.

From Hueniverse

This is the way the web should work. Facebook - pleas join this!

Google, Yahoo! and MySpace support for OpenID

And that's how a decentralized community solved a security threat in an open identity spec, quickly. One company (Twitter) took a risk at implementing a new technology advocated by an employee of another company (Yahoo's Hammer-Lahav), then an engineer at yet another company found the beginning of the security hole, then news of the whole problem was sent out to contacts on a Wiki, an email list was formed, companies donated their employees' valuable time to aid in the effort, everyone more or less kept their mouths shut (including the unfairly criticized Twitter) and then everyone worked together to find a solution just in time. I think that's a pretty cool story.

RT @jayrosen_nyu: I understood about 40% of this, but wow, what a story. How OAuth Security Battle Was Won, Open Web Style http://tr.im/jICt [from http://twitter.com/CircleReader/statuses/1617435709]

At some point in conversation Hammer-Lahav realized that the problem went far beyond the Twitter implementation. The OAuth protocol had an inherent vulnerability; big companies like Google, Netflix and Yahoo had implemented OAuth and scores of tiny startups had too... OAuth has support, but it doesn't have a centralized authority ready to deal with problems like this. Over the next week a story unfolded as the community moved to deal with the security issue. It's a dramatic story.

Twitter has quietly given some developers access to a new feature, Sign in with Twitter, which uses Twitter's new OAuth technology to allow people to log into

which uses Twitter’s new OAuth technology to allow people to log into and ac

tter has quietly given some developers access to a new feature, Sign in with Twitter, which uses Twitter’s new OAuth technology to allow people to log into and access 3rd party websites using their Twitter accounts

Every OAuth provider should encapsulate OAuth authorization inside OpenID. Better UX, lesser redirects http://bit.ly/7qbfPB

OAuth-enabled APIs su

use of Portable contacts api for google

In case you missed the announcement a while back, Google Contacts now available through Portable Contacts standard