incremental authorization
This article is a stub. You can help the IndieWeb wiki by expanding it.
incremental authorization is the practice, even pattern, of requesting permissions only when they are needed for the current user action, for example when requesting OAuth authorization for read, write, or delete permission, or similarly with Micropub.
Why
The incremental authorization pattern is important to the indieweb by way of Micropub client design.
Micropub clients should follow the incremental authorization pattern, and only ask for the absolute minimal permissions they need for any particular user action, when the user attempts the action, rather than at sign-up / install time.
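As an added example (not code from this wiki or from any particular Micropub client), here is one way a client could apply the pattern: map each user action to the single Micropub scope it needs, and build an authorization request only when the current token lacks that scope. The action names, the URLs, and the choice to re-request already-granted scopes so the new token can replace the old one are assumptions.

```javascript
// Added example. Scope names come from the Micropub spec; the action names
// and all URLs are constructed for illustration.
const SCOPE_FOR_ACTION = { publish: "create", edit: "update", remove: "delete", upload: "media" };

// Token responses carry granted scopes as a space-separated string.
function parseScopes(scopeString) {
  return new Set((scopeString || "").split(/\s+/).filter(Boolean));
}

// Decide whether `action` can run with the current token, and if not,
// which scopes to ask for: what is already granted plus the single missing one.
function planAction(action, grantedScopeString) {
  const needed = SCOPE_FOR_ACTION[action];
  if (!needed) throw new Error(`unknown action: ${action}`);
  const granted = parseScopes(grantedScopeString);
  if (granted.has(needed)) return { proceed: true, requestScope: null };
  granted.add(needed);
  return { proceed: false, requestScope: [...granted].sort().join(" ") };
}

// Build the authorization request the user is sent to when they attempt the action.
function buildAuthUrl(authEndpoint, client, requestScope) {
  const url = new URL(authEndpoint);
  const params = {
    response_type: "code",
    client_id: client.clientId,
    redirect_uri: client.redirectUri,
    state: client.state,                  // caller generates a fresh random value
    code_challenge: client.codeChallenge, // caller derives this per PKCE
    code_challenge_method: "S256",
    scope: requestScope,
  };
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  return url.toString();
}

// Constructed walk-through: the token holds only "create", then the user clicks "edit".
const demoClient = {
  clientId: "https://client.example/",
  redirectUri: "https://client.example/callback",
  state: "constructed-state",
  codeChallenge: "constructed-challenge",
};
const demoPlan = planAction("edit", "create");
if (!demoPlan.proceed) {
  console.log(buildAuthUrl("https://user.example/auth", demoClient, demoPlan.requestScope));
}
```

Note that `delete` and `media` never appear in a request until the user actually tries to remove a post or upload a file.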
Silo Encouragement
The practice of incremental authorization is being encouraged by more and more silos.
Silo Examples
Various silos have begun to explicitly implement incremental authorization, and make it clear that they do, and why they do.
- Lanyrd: http://lanyrd.com/blog/2012/twitter-read-only/
- Done Not Done
- 1001 Beers
- Mapalong
all use Twitter for log-in, but none of them require write-access up-front.[1]
Premature Write Permissions Antipattern
(this may deserve its own page if it grows significantly)
Incremental authorization practices are largely a reaction to recognizing that requesting all or many permissions up front was rude and disrespectful of users, and thus an antipattern.
Articles about this misbehavior:
- 2013-01-22 Jeremy Keith: Twitter permissions
- references 2012-09-13 This is rude. This is not. Let's be polite. Especially when starting relationships.
Silo Antipattern Examples
- Twitter Counter (http://twittercounter.com/) [2] (and verified 2014-10-18)
- which tricked many smart folks and tweet-spammed on their behalf.
- Branch[3]
- Medium[4]
- Seen.co[5]
- ... add more here