Need someone to lead product management at your software company? I build high-craft software and the teams that build it. I'm looking for my next opportunity. Check out my resume and get in touch.

Adam Kalsey

This is the blog of Adam Kalsey. Unusual depth and complexity. Rich, full body with a hint of nutty earthiness.

OAuth

8 Oct 2007

OAuth is a great idea. As Six Apart says in their announcement of support...

Right now, if you want Flickr to post to your TypePad blog, or you want to connect a client to update both your Twitter account and your LiveJournal, you have to give them the password to your account, giving a third-party free reign on your site. Even worse, on some other services, the password for an account used for blogging or other applications is the same login that controls extremely sensitive information like your email account or credit card systems.

OAuth aims to standardize the way in which different consumer systems share data. The goal is to allow a person to give an application access to do some things on your accounts at other sites, but not everything. It’s role-based authorization for APIs.

Right now you give Facebook your Yahoo username and password so they can check so you can connect with Yahoo Mail contacts that are also on Facebook. That’s fine and dandy as long as Facebook doesn’t decide to do anything malicious with your account (like send an email to everyone, pretending to be you). Or as long as their systems aren’t compromised.

What OAuth wants to do is allow you to give Facebook permission to see your Hotmail contacts, but not to send them email, to change your contacts, or to read your mail.

At IMified, we’re looking into the specification and we’ll be implementing support in our apps. When you give us access to post to your Google Calendar, you shouldn’t have to trust us that we won’t also be reading your email. I mean, you can trust us, but you shouldn’t have to.

Recently Written

Should individual people have OKRs?
May 14: A good OKR describes and measures an outcome, but it can be challenging to create an outcome-focused OKR for an individual.
10 OKR traps and how to avoid them
May 8: I’ve helped lots of teams implement OKRs or fix a broken OKR process. Here are the 10 most common problems I see, and what to do instead.
AI is Smart, But Wisdom Requires Judgement
May 3: AI can process data at lightning speed, but wisdom comes from human judgment—picking the best imperfect option when facts alone don’t point the way.
Decoding Product Leadership Titles
Mar 18: Not all product leadership titles mean what they sound like. ‘Head of Product’ can mean anything from a senior PM to a true VP. Here’s how to tell the difference.
What branding can teach about culture
Jan 8: Culture is your company’s point of view in action—a framework guiding behavior, even in the unknown. You can’t copy it; it must reflect your unique perspective.
Think Systems, not Symptoms
Dec 15: Piecemeal process creation frustrates teams and slows work. Stop patching problems and start solving systems. Adopting a systems thinking approach helps you design processes that are efficient, aligned with goals, and truly add value.
Your Policies Aren’t Your Culture
Dec 13: Policies guide behavior, but culture is the lived norms and values of your team. Policies reflect culture -- they don’t define it. Netflix’s parental leave shift didn’t change its culture of freedom and responsibility. It clarified how to live it.
Lighten Your Process Burden
Dec 7: Everyone hates oppressive processes, but somehow we keep managing to create them.

Older...

What I'm Reading