
Business - Written by on Wednesday, February 11, 2009 9:36 - 0 Comments

Twitter as the basis of an open login scheme

Everyone hates juggling usernames and passwords. Hence all the great activity around OpenID, Facebook Connect, and more recently OpenID and Facebook, all of which suggests that mainstream use of open web authentication schemes is reaching critical mass.

I like the idea, a lot. However, I think it’s a bit early to bet on one horse, so why not add more to the mix? I like Twitter’s generally open approach, so why can’t they play in this space?

So, here’s a proposal on how anyone can use Twitter as an open authentication scheme to log into their site:

The first step is a login page (screenshot below) which gives you a unique one-time authentication key that is used to identify your session. In this example the one-time code is “82kjx_OneTimeAccessCode_IeZh9els”, and it is designed to be tweeted (probably best to DM) to the web site owner’s account (“SiteTwitterName” in this case). By DM’ing the one-time code to the site owner you link your session to a specific Twitter account, and by DM’ing it, you provide proof that you own that Twitter account. To make this easier to tweet, you could add a “copy to clipboard” link, or a “tweet to login” button/link which would automatically prepopulate the tweet in a browser window (see next screenshot).

Below is a sample of what the page might look like after you click the “tweet this to login” button. You can imagine the button creating a popup window like this (if the browser allows popup windows). On Twitter, it’s easy to prepopulate a page with a ready-to-tweet message like this. Just open a page with the URL:


And that link should give you a page similar to the one below:

Then, once you send the DM through Twitter, the website can use the Twitter API to read the DM and then make a connection between your Twitter ID and the unique session key in order to authenticate you. At that point, your original login page can be refreshed, logging you in automatically. Voila, you are logged into a website using your Twitter ID as the account name:

A login scheme like this would work with Twitter, but equally well with any messaging or IM service that’s sufficiently quick and also has an API. One of the best things about it is that it doesn’t require any endorsement from the service provider in order to use it for authentication either. You can even imagine doing this via a mobile phone too: through a cameraphone image, a QR code (discussed here and here), IVR, OCR, or even a “sound” produced by the website that you could hold your phone up to.
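The server side of the scheme described above, as an added example that is not part of the original post: it issues the one-time code, then binds a session to whichever account sends that code, with each code expiring and usable only once. It is written for any messaging service; the `PendingLogins` class, the five-minute lifetime and the `(sender, text)` inbox format are assumptions, and no real Twitter API call is shown.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a one-time code


class PendingLogins:
    """One-time codes issued on the login page, stored by hash (hypothetical helper)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # sha256(code) -> (session_id, expiry timestamp)

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode("utf-8")).hexdigest()

    def issue(self, session_id):
        """Create the code displayed to the browser session that wants to log in."""
        code = secrets.token_urlsafe(24)  # 192 random bits, not guessable
        expiry = self._now() + CODE_TTL_SECONDS
        self._pending[self._digest(code)] = (session_id, expiry)
        return code

    def redeem(self, sender, text):
        """Return (session_id, sender) for a valid code, else None."""
        entry = self._pending.pop(self._digest(text.strip()), None)  # single use
        if entry is None or self._now() > entry[1]:
            return None  # unknown, already used, or expired
        return entry[0], sender


def process_inbox(pending, messages):
    """messages: (sender, text) pairs as read from the site's DM inbox."""
    logged_in = {}
    for sender, text in messages:
        result = pending.redeem(sender, text)
        if result:
            logged_in[result[0]] = result[1]
    return logged_in


if __name__ == "__main__":
    store = PendingLogins()
    code = store.issue("browser-session-1")
    # Constructed inbox: the second message replays the same code and is ignored.
    inbox = [("alice", code), ("mallory", code), ("bob", "hello there")]
    print(process_inbox(store, inbox))
```

The `sender` value has to come from the messaging service's own authenticated message metadata, never from the message text. The first valid message wins, so a code is only as private as the page that displays it.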

Any suggestions about holes or problems with this scheme that I may be missing? Or ideas for improvements?

If anyone would like to implement the first working demo of this scheme it would be a great contribution to the public good. I’d love to credit you with it here. Happy to share any demo code for it too if you wish.

…please contact me via Twitter @crasheral if you would like to help kickstart this.
