incremental authorization

From IndieWeb
Jump to: navigation, search


incremental authorization is the practice, even pattern, of only requesting permissions when they are needed for the current user-action, for example, when requesting OAuth authorization, read, write, delete permission, or similarly with Micropub.

Contents

Why

The incremental authorization pattern is important to the indieweb by way of Micropub client design.

Micropub clients should follow the incremental authorization pattern, and only ask for the absolute minimal permissions they need for any particular user action, when the user attempts the action, rather than at sign-up / install time.

Silo Encouragement

The practice of incremental authorization is being encouraged by more and more silos.

Facebook

Google

Silo Examples

Various silos have begun to explicitly implement incremental authorization, and make it clear that they do, and why they do.

all use Twitter for log-in, but none of them require write-access up-front.[1]

Premature Write Permissions Antipattern

(this may deserve its own page if it grows significantly)

Incremental authorization practices are largely a reaction to recognizing that requesting all or many permissions up front was rude and disrespectful of users, and thus an antipattern.

Articles about this misbehavior:

Silo Antipattern Examples

See Also

Personal tools
Namespaces
Variants
Actions
Recent & Upcoming
Resources
Toolbox