My name's Jesse. I'm a programmer, and I like to ride my bicycle. I live in San Francisco, and my life is good.

Lijit Search

Archive

Ping.fm and the need for a centralized web-service authentication system

It all started so simply; a short status message, and an API to allow third parties to set it. That’s all Twitter was when it was opened to the public back in 2006. Pretty soon every site was following suit by opening their own APIs, and (in the case of Facebook and MySpace) adding status messages to their services. Sites like Jaiku, and Brightkite elaborated on the micro-content model, while Tumblr blurred the line between blogging, social-bookmarking, and micro-content.

Today there are dozens of sites which allow users to post status messages, and other forms of micro-content. The problem now is which to use! If I update my Twitter status, my followers will see it, but what about my Facebook friends? In order to update them all, other services have stepped in, most notably Ping.fm.

Ping.fm can update all my status messages at once. It can even post to my several blogs at the same time. I need only set my status with Ping.fm, and it wil update all my other status messages using the APIs that sites like Pownce, and Plaxo Pulse so graciously opened during the API enlightenment of Web2.0.

However, before Ping.fm can deliver your status message to the sites you use, you have to give it your login credintials for each of those sites. This process is tedious, especially if you don’t use the same logins and passwords on every site (which you shouldn’t). Some sites have a ping-pong authentication process where Ping.fm must forward you to the site to allow Ping.fm to access your content.

There’s something about this that screams bad design to me, but it’s not just Ping.fm. With so many APIs begging to be mashed together, many sites are either aggregating or automating multiple sites. Friendfeed for example requires me to list all the sites I use so that it can combine all my content into one “lifestream”. Most social networking sites ask me to list the other services I use. The trouble arrises when you change your password, or login on any of the sites you have listed. You then have to go back to every site which uses that password, and update it. Right now there are only a handful, but soon there may be so many sites using this info that just keeping them all enabled could be a challenge.

What I believe is needed is a centralized authentication list. A service which would store every set of login credentials that I use across the web, and could inform, and update the services which require this list via an API. Similar to FireEagle, access to this list would be granted to each site individually.

Just an idea, that took a long time to explain :-)

Comments (View)

posted : Wednesday, June 25th, 2008

tags :

blog comments powered by Disqus
brigno nevver plannine topherchris sarahchristine emersunn aprilini magicmolly hilker rgrjnr amyyy kenyatta triciaward frannielalaline mikeontv hipsterdiet deplorableword mementomori dihard sweett faildogs feastingonroadkill hereharehere pingfm beach applearts rocketjumper yourdp mills szymon joshwilliams winnr celestelindahl heather-rivers leecoleman thillythenny theresistance ihatetopherchris nwsppr maia alexanderpf atheistramblings corcarpemei sarahschneider travie julieannpaladin jimmyjosh leted cairaguas farago theneedforfeed slowburn slightlysasha monas aforanapple acv thetattle grumbl abaloneshaman rbstrucking johnnyonthespot