Security

iwinoto edited this page May 9, 2013 · 2 revisions

A popular authentication framework used by web apps is OAuth with OpenIDs from social media networks like Twitter, Facebook and Google+. This allows app users to authenticate to the web app using their social network IDs.

This method allows the app full access to the user's status stream and can be subject to abuse by applications for scams, spam and unauthorised data mining (Wikipedia). While our applications may not abuse the users' trust in this way, if we use the same method we may be tainted by reports of such abuse.

Integration with users' social media personas is useful, and we should investigate OAuth as well as OpenID further.

We should also develop a privacy policy and method for user recourse.
