A whole new world of Twitter…


Effective August 31st, Twitter changed the authentication mechanism by which applications interact with the service, moving from stored credentials to a system known as OAuth.

For those not inclined to read the Wikipedia article on OAuth, in a nutshell, it stands for “Open Authorization”.

To date, Twitter has worked via stored passwords. So, in the case of tools like TweetDeck and Seesmic or online services like 4Square, people’s username/password strings were stored at the application level, which allowed those applications to authenticate with Twitter as that person.

Obviously, this creates limitations with respect to what can be done and creates the opportunity for major security issues if username/password lists are lost, compromised or misused.

OAuth is very different. With OAuth, you actually authenticate directly with the service (Twitter in this case); Twitter and the application then share a key (essentially like an HTTP cookie) for the duration of the “conversation”, so that the particular application can act on your behalf without ever knowing your username/password combination.

This change opens up the “always on” capability of Twitter and more “network-aware” capabilities similar to Digg… which, by the way, utilizes not only Facebook Connect but also the new Twitter interface and the Google OAuth interface as well.

It will be interesting, to say the least, to see what people come up with.
