This blog can't be viewed on LiveJournal. Instead see http://www.apparently.me.uk/14977.html.

  • Permission for Plaxo

    OAuth requires Plaxo to identify itself as the agent for the user, allowing Vox to make a decision about what to expose to Plaxo. Note that the situation is same with a piece of client software, assuming that it can also talk to its home server and isn't fully locked down with a locally generated private/public key pair -- end users are using agents in any case, and the full DRM solution just isn't viable. So OAuth enables realistic solutions revolving around what agents to trust and how much. Requiring opt-in from the affected friends is also a possibility in this model.
    By ext_99907 at 09:04 pm on 14th May 2008
    • Re: Permission for Plaxo

      I suppose you are right about the agent thing, but I tend to trust software on my own computer more than I trust web apps. I give software on my computer my passwords all the time, but I won't (for example) give my Hotmail password to Plaxo.

      I suppose an interation model that could work would be for the consuming user to send a subscription request (via the aggregator app, e.g. Plaxo) which the publishing user would acknowledge, thus giving permission for Plaxo to fetch events. Once you're sending subscription requests it's not much of a leap to use a push model rather than a polling model. I wonder if it would be best to push all of a user's events into a single "eventing provider" and have friends subscribe via that provider; this has the advantage that our publishing user only has to deal with one permissions UI. This sounds somewhat like what was discussed in Dick's IIW session on Monday morning.

      By Martin Atkins at 11:04 pm on 14th May 2008