

Ask HN: Will I be allowed to do this? - partisan

I had an idea that I am trying to vet and I have some major concerns.<p>While posting a comment on a news article the other day, I chose to use twitter authentication to log in. Of course, the newspaper website wanted to have access to my tweets, my followers, and the ability to post new tweets on my behalf, none of which I was comfortable giving up just to post on a random news article on a random site. I imagine that this prevents a lot of other people from posting as well.<p>I am considering creating a new authentication provider that will allow users to authenticate via their twitter, facebook, or google+ accounts, while not allowing any of the invasion of privacy that comes with using the standard OAuth providers.<p>My concern is that this will be deemed as some form of competition by the respective services and they can simple cut me off and kill my authentication service.<p>Your advice is greatly appreciated.
======
gregcohn
I think you will need to make a decision as to whether you are hoping to serve
as a proxy login (you log into me with twitter ; i log into them on your
behalf) or to have a separate standalone service that's clearly demarcated
from the host publisher.

I believe you'll find the former is challenging. It would be against the TOS
of most authentication providers to do this as an arm's-length intermediary. I
think you could do it as the contracted agent of the publisher (which implies
a white-label approach). See, for example, the way JanRain works.

The best examples of the latter I can think of are Disqus, Echo, et al. You
might want to check them out.

~~~
partisan
Greg,

Thanks for the reply. I was thinking to have a standalone service that is
clearly demarcated from the host publisher. I wouldn't store passwords, I
would simply serve as an authenticator for websites that would use the service
as an alternative to the standard oauth provider from twitter or facebook,
etc. The issue is that I would probably have an app on their ecosystem to
facilitate the process.

BTW, brnr.me sounds like a great service.

~~~
gregcohn
thanks!

------
happycry
I liked the idea of Mozilla Persona ([https://www.mozilla.org/en-
US/persona/](https://www.mozilla.org/en-US/persona/)), but that doesn't seem
to be catching on.

I think you're on to something though, there are a lot of sites that want
access to far too much, as if the developer cut-pasted all of the scopes they
could find.

~~~
partisan
Thanks for the reply. Given that persona does not have traction then I would
guess that the hard part would be getting sites to use it. I would expect that
there would be high demand for a service like this, but perhaps privacy is not
as important to some as to others?

------
dragonbonheur
As Richard Branson said; Screw it, just do it.

