Yesterday Friend Connect added Twitter to their list of accounts that can be used to authenticate and to communicate friend data between cooperating sites.
From a social graph perspective, this makes complete sense, although I’m not sure what is supposed to happen when a Twitter user with 5,000 followers and following 5,000 logs into a site for the first time. I have to assume that you get little dribbles and drabbles of friend links over time, in the background. Still, if the website operators are using an elastic, as-needed payment model, it could be rather expensive for true Twitter addicts to visit for the first time.
From an authentication perspective, I can only laugh; the irony is too much for me. Twitter as a provider of identity information. This is a site with an unbelievably cavalier attitude towards the credentials of users, as evidenced by the fact that they force their entire partner community to ask for and resend usernames and passwords, and as evidenced by the fact that they encourage their users to type their credentials into any input box that might present itself with the short introduction of “Twitter API”.
You may say that Twitter was never intended to be a highly secure service, and I’m sure you’re right. What so many people in this industry are trying to do, however, is to provide a way for services like Twitter to no longer have to badly manage their user data, but instead to rely on the services that DO care about security, and do actually take the security of user credentials seriously.
In the short term though, convenience wins out over security. It’s bass-ackwards, but it’s still progress. Gotta crawl before we can run. Anything that connects sites and propels application and service owners to start considering externalized Identity is good in my book. We need to get in there, mix it up, and hope that something reasonable emerges from the fray.