[Openid-specs-mobile-profile] Twitter didgits

Nat Sakimura sakimura at gmail.com
Thu Oct 23 09:12:50 UTC 2014


My read is the same.
LINE started off in a similar fashion.
In fact, many of the WAP applications in Japan were like this.

It is kind of OK for on-boarding the user.
However, unless you do the following, it will cause problems down the road.


   - Generate hardware dependent identifier that is readable from the app
   and associate it with the number.
   This is to mitigate the impersonation through phone number reassignment
   problem.
   - This implies that you need to have some way of re-associating the user
   when the user looses ore changes handset.
   - Thus, you need to actually generate a persistent identifier behind the
   scene and associate phone number and handset info to it. Also, you need to
   establish a secondary credential that the user can use in the circumstances
   of lost/changed handset.

>From a brief look at the web page, I could not figure out if they are doing
these.

Nat




2014-10-22 23:42 GMT-05:00 Tim Bray <tbray at textuality.com>:

> To some extent, it was WhatsApp taught the world that huge numbers of
> people are happy to be known by their phone number and not much else.
>
> On the other hand, the new hotness in Enterprise chat is called Slack
> and it’s really very good.  It has a traditional login flow but when
> you’re trying to do login/password on your mobile device it pops up
> and says “Would it be easier if we just emailed you a PIN?” and it
> usually is.  So email isn’t dead.
>
> On Wed, Oct 22, 2014 at 9:08 PM, Adam Dawes <adawes at google.com> wrote:
> > That's my read too. Twitter's partial answer to Facebook's Parse. We
> think
> > this is interesting and shows the trend away from email centric accounts.
> >
> > -------
> > sent from my hand phone
> >
> > On Oct 22, 2014 12:51 PM, "John Bradley" <ve7jtb at ve7jtb.com> wrote:
> >>
> >> Anyone know anything about this?
> >>
> >> https://dev.twitter.com/products/digits
> >>
> >> It seems like a simple on-boarding service that confirms a phone number
> by
> >> SMS,  but I may be missing something.
> >>
> >> John B.
> >>
> >> _______________________________________________
> >> Openid-specs-mobile-profile mailing list
> >> Openid-specs-mobile-profile at lists.openid.net
> >> http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile
> >
> >
> > _______________________________________________
> > Openid-specs-mobile-profile mailing list
> > Openid-specs-mobile-profile at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile
> >
>
>
>
> --
> - Tim Bray (If you’d like to send me a private message, see
> https://keybase.io/timbray)
> _______________________________________________
> Openid-specs-mobile-profile mailing list
> Openid-specs-mobile-profile at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile
>



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20141023/cd413545/attachment-0001.html>


More information about the Openid-specs-mobile-profile mailing list