Hueniverse: Beginner’s Guide to OAuth – Part II : Protocol Workflow

Beginner’s Guide to OAuth – Part II : Protocol Workflow

OAuth is best explained with real-life examples. The specification includes in Appendix A a similar example but focuses on the HTTP calls syntax. This walkthrough demonstrates a typical OAuth session and includes the perspectives of the User, Consumer, and Service Provider. The websites and people mentioned are fictional. The Scottish references are real. And so our story begins...


Jane is back from her Scotland vacation. She spent 2 weeks on the island of Islay sampling Scotch. When she gets back home, Jane wants to share some of her vacation photos with her friends. Jane uses Faji, a photo sharing site, for sharing journey photos. She signs into her faji.com account, and uploads two photos which she marks private.

Using OAuth terminology, Jane is the User and Faji the Service Provider. The 2 photos Jane uploaded are the Protected Resources.


After sharing her photos with a few of her online friends, Jane wants to also share them with her grandmother. She doesn't want to share her rare bottle of Scotch with anyone. But grandma doesn't have an internet connection so Jane plans to order prints and have them mailed to grandma. Being a responsible person, Jane uses Beppa, an environmentally friendly photo printing service.

Using OAuth terminology, Beppa is the Consumer. Since Jane marked the photos as private, Beppa must use OAuth to gain access to the photos in order to print them.

Jane visits beppa.com and begins to order prints. Beppa supports importing images from many photo sharing sites, including Faji. Jane selects the photos source and clicks Continue.


When Beppa added support for Faji photo import, a Beppa developer, known in OAuth as a Consumer Developer, obtained a Consumer Key and Consumer Secret from Faji to be used with Faji's OAuth-enabled API.

After Jane clicks Continue, something important happens in the background between Beppa and Faji. Beppa requests from Faji a Request Token. At this point, the Request Token is not User-specific, and can be used by Beppa to gain User approval from Jane to access her private photos.


Jane clicked Continue and is now waiting for her screen to change. She sips from her prized Black Bowmore while waiting for the next page to load.

When Beppa receives the Request Token, it redirects Jane to the Faji OAuth User Authorization URL with the Request Token and asks Faji to redirect Jane back once approval has been granted to http://beppa.com/order.

Jane has been redirected to Faji and is requested to sign into the site. OAuth requires that Service Providers first authenticate the User, and then ask them to grant access to the Consumer.

Jane notices she is now at a Faji page by looking at the browser URL, and enters her username and password.


OAuth allows Jane to keep her username and password private and not share them with Beppa or any other site. At no time does Jane enter her credentials into beppa.com.

After successfully logging into Faji, Jane is asked to grant access to Beppa, the Consumer. Faji informs Jane of who is requesting access (in this case Beppa) and the type of access being granted. Jane can approve or deny access.

Jane makes sure Beppa is getting the limited access it needs. She does not want to allow Beppa to change her photos or do anything else to them. She also notes this is a one-time access good for one hour, which should be enough time for Beppa to fetch her photos.


Once Jane approves the request, Faji marks the Request Token as User-authorized by Jane. Jane’s browser is redirected back to Beppa, to the URL previously provided (http://beppa.com/order), together with the Request Token. This allows Beppa to know it can now continue to fetch Jane's photos.

Jane waits for Beppa to present her with her photos fetched from her Faji account.


While Jane waits, Beppa exchanges the authorized Request Token for an Access Token. Request Tokens are only good for obtaining User approval, while Access Tokens are used to access Protected Resources, in this case Jane's photos. In the first request, Beppa exchanges the Request Token for an Access Token; in the second, it gets the photos (this can be multiple requests: one for a list of photos, and a few more to get each photo).
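As an added illustration (not part of the original guide, and not real Faji or Beppa code), the sketch below models the token bookkeeping a Service Provider has to do for this walkthrough: a Request Token that is not User-specific until approved, a single-use exchange, and an Access Token that expires after one hour. Class and method names are hypothetical, the sample data is constructed, and request signing with the Consumer Secret is left out.

```python
import secrets
import time

ACCESS_TTL = 3600  # the grant in the walkthrough is good for one hour

class ServiceProvider:
    """Toy model of Faji's token state (hypothetical names, constructed data)."""
    def __init__(self, consumer_keys, photos):
        self.consumer_keys = consumer_keys  # Consumer Keys Faji has issued
        self.photos = photos                # user -> private photo names
        self.tokens = {}                    # token string -> state

    def issue_request_token(self, consumer_key):
        if consumer_key not in self.consumer_keys:
            raise PermissionError("unknown consumer")
        token = secrets.token_urlsafe(16)
        # Not User-specific yet: no user is bound until approval.
        self.tokens[token] = {"kind": "request", "consumer": consumer_key, "user": None}
        return token

    def authorize(self, request_token, user):  # after Faji has authenticated the User
        state = self.tokens.get(request_token)
        if not state or state["kind"] != "request":
            raise PermissionError("not a request token")
        state["user"] = user

    def exchange(self, consumer_key, request_token):
        state = self.tokens.get(request_token)
        if not state or state["kind"] != "request" or state["consumer"] != consumer_key:
            raise PermissionError("invalid request token")
        if state["user"] is None:
            raise PermissionError("request token not yet authorized")
        del self.tokens[request_token]  # single use: a replayed exchange fails
        access = secrets.token_urlsafe(16)
        self.tokens[access] = {"kind": "access", "consumer": consumer_key,
                               "user": state["user"], "expires": time.time() + ACCESS_TTL}
        return access

    def list_photos(self, consumer_key, token, now=None):
        state = self.tokens.get(token)
        now = time.time() if now is None else now
        if (not state or state["kind"] != "access"
                or state["consumer"] != consumer_key or now >= state["expires"]):
            raise PermissionError("invalid or expired access token")
        return list(self.photos[state["user"]])

faji = ServiceProvider({"beppa-key"}, {"jane": ["islay-1.jpg", "islay-2.jpg"]})
rt = faji.issue_request_token("beppa-key")   # Beppa, in the background
faji.authorize(rt, "jane")                   # Jane approves on faji.com
photos = faji.list_photos("beppa-key", faji.exchange("beppa-key", rt))
```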


When Beppa is done, Jane's browser refreshes to complete the order.

Beppa successfully fetched Jane's photos. They are presented as thumbnails for her to pick and place her order.

Jane is very impressed by how Beppa grabbed her photos without asking for her username and password. She likes what she sees and places the print order.


I'm going to implement OAuth with one of our applications - the consumer and Twitter platform as the Service Provider. I'll keep you guys posted.


The Future of Search: Social Relevancy Rank


Written by Alex Iskold / July 16, 2009 9:05 PM / 11 Comments

FriendFeed has recently launched a search feature, and so Facebook search must be coming soon.

Real-time Web search (of streams of activities) is a hot topic right now. Everyone, including Google and Microsoft, recognizes the value of using trusted contacts as filters. What was once called social search is now called real-time search, but this time it will really happen. First, it will be applied to streams and then to the Web in general.

What we are about to get is a Social Relevancy Rank. Whenever you search streams of activity, the results will be ordered not chronologically but by how relevant each is to you based on your social graph. That is, people who matter more to you will bubble up. How does this work? Well, there will be a formula, just as there is a formula for Page Rank.

Solution 101: Rank by Friends and People You Follow

Here is an idea so obvious that it is surprising Twitter has not implemented it already: front-load search results with people you follow. When you search for, say, "Wilco" on Twitter today, the results are in chronological order. That is not really relevant because you do not know who most of these people are. But if instead you could see people you follow, the search results would be much more useful.

This is not possible on Twitter today, but it already works great on FriendFeed. There, results are filtered or ranked based on your social graph. This is not difficult for FriendFeed to do because, on the one hand, it knows who you care about and, on the other, it applies its advanced feed search technology to your social graph.

This sounds awesome, but there is a problem. "Wilco" works well as a query because the band has just released a new album, but many other queries would return no results. Simply put, your friends on Facebook and people you follow on Twitter can't possibly have an opinion on every topic you may be interested in. This is a problem of sparse data: trusted opinions are scarce.

Small Worlds and Taste Neighbors

To solve the problem of sparse data, we need more data... obviously. One possible solution is to incorporate other sources that you trust (i.e. broaden your social graph). As a next step, search results could rank people you may not be directly following but who are being followed by people you follow. Or in Facebook-speak, friends of friends. You could argue that you are not familiar with their opinions and so cannot yet trust them, but given the small world phenomenon, their contributions are often just as valuable.

Another step could be to include people with similar tastes, so-called taste neighbors. This approach is common among vertical social networks such as Last.fm, Flixster, and Goodreads. These networks have ideas about which people, other than your friends, are like you. However, this is a costly calculation and takes time. In order for Twitter to do something like this, it would have to compare people based on links or perform semantic analyses of tweets over time. Yet even though this is a difficult problem, it will be solved in time.

The Influencers and the Crowd

Aside from using the "second degree" of your social graph or taste neighbors, a Social Relevancy Rank could front-load influencers. In the absence of any other metric, someone who is followed by hundreds of thousands of users is likely more relevant to you than someone you don't know at all. Using number of followers as a weight might be a good way to order the rest of the activity stream.

In general, combing through countless tweets from strangers is not terribly useful anyway. Just as people have stopped looking at anything beyond the first page of results on Google, sifting through pages of tweets in chronological order gets tedious quickly. What needs to be incorporated into the Social Relevancy Rank is the aggregate sentiment of the crowd: a score that tells you yay or nay and gives you an opportunity to drill into more results if you choose.

The Quest for the Perfect Filter

There is no such thing as a perfect formula. Even Page Rank isn't perfect. Yet we all use it and find it useful. Much as Page Rank has been adapted and tuned to search the web, Social Relevancy Rank will evolve over time to help us make sense of endless streams of activity. This ranking will have a profound impact on how we tap into our friends' opinions.

It will change the face of general Web searches in time, too. Today, results are automatically ranked by relevancy and freshness. Once Social Relevancy Rank is factored in, search results will be re-ordered based on social relevancy.

And now, as always, please tell us what you think. What would you expect from a search engine with Social Relevancy Rank built in?

The question still remains: how can we trust real-time social search the way we trust Google's search algorithm? We know that Google will only bring on the more reliable sources. Twitter, however, is full of bots and random people who don't really care what they say. How do we find the few whose words of wisdom we are really after?

Mint Map: World Currencies in the Recession | Mint.com Blog | Personal Finance News & Advice

How are world currencies doing in comparison to the US Dollar? An amazing visual!

How to Perfect an Elevator Pitch About Yourself

You're in the elevator with the hiring manager of Dream-Job Corporation. As the door slides shut, you feel a combination of adrenaline and slight nausea: you've got 15 seconds, if that, to communicate your value as a potential employee in a compelling way — just 15 seconds to cram in a whole resume's worth of work and accomplishments and late nights and successes. There's so much you want to say, but your message has got to be crisp, tailored, to-the-point. Handle this one right, and you'll be the newest member of the Dream-Job team. Flub it up, and you're back to scanning listings on Monster.com. What are you supposed to say?

Here are the five key things to know and do in order to make your elevator pitch successful:

Practice, practice, practice. Very few people have the oratorical power to make a compelling 15-second speech about their entire professional lives on demand and under pressure. Practice your speech 100 times — literally. Know it, get comfortable with it, be able to tilt it effectively for a different audience. Practice your body language with it: how will you give the speech differently sitting down vs while walking down a hall? How will it be different over the phone vs in person?

Focus on impact. Two weeks ago, 60 Minutes aired a segment set at a white-collar job fair. One of the interviewees, a laid-off Wall Street secretary, looked straight into the camera and said, with total conviction, "I can make any boss shine." I wanted to hire her on the spot. Who doesn't want to shine? Describing the impact you've had, and can continue to have, is much more compelling than talking about your number of years of experience.

Ditch the cultural baggage. A lot of us have been taught — by parents, teachers, or team-oriented corporate environments — not to toot our own horns, and to use "we" instead of "I". Elevator pitches are all about "I". You've got to get comfortable with bragging about your own individual contributions (in a graceful way).

Be slow and steady. Whether out of nervousness or a desire to cram in a lot of information, people giving elevator speeches tend to talk at breakneck pace — which is extremely off-putting to potential employers. Speak at a pace that shows your calm and confidence. You want them to think of you as thoughtful and deliberate — not as some manic babbler.

See the whole world as an elevator. Too many people looking for jobs save their elevator speeches for job fairs and interviews. Remember the first rule of sales: ABC (Always Be Closing). Give your elevator speech to everyone — at family gatherings, in the waiting room of the dentist, at coffee hour at your church or temple. You never know where the next job is coming from.

How do you pitch yourself to prospective employers? What advice do you have for other people doing the same? What works — and what doesn't?

 

Tuben - Day 30

Name: Tuben
Age: 3 months
Gender: Female

Feel Good (TV=OFF) (Shinichi Osawa Edit)

Feel Good (Tv=Off) (Shinichi Osawa Edit) by Boys Noize  


VNV Nation - Legion (Live)

VNV stands for "Victory not Vengeance". The meaning behind this stylised motto is that one should strive to achieve, not sit in bitter regret. VNV Nation are Ronan Harris (electronics, lyrics, vocals) and Mark Jackson (drums).

Maintenance of Dynamically vs. Statically typed Languages

My paper is geared towards defining, comparing and contrasting dynamically typed languages to statically typed languages in their most basic traits. It will also shed light on the different aspects of those language types that assist or hinder in maintaining software.