Saturday, August 8, 2009

FriendSync service design

Now, FriendFeed is the best twitter client. But there is a missing-link.
Who use twitter, hostiled their follower, are nailed down to twitter.
If you can maintain follows automatically on FriendFeed, you'll have Smarter-Twitter.

So, I imagined follower-synchronize service. FriendSync.
To prove inconvenience FriendFeed user who has so much Twitter followings.

But! oH My gOd! FriendSync already exists (2009 Aug 7) ... so I need to change name to Merge2it2ff or Invi2ff
FriendSync - Sync w/ Facebook

FriendSync syncs your existing iPhone Contacts with Facebook!Syncs your
iPhone's contact pictures, names and birthdays with Facebook.

Anyway, here is a memo on security key features.

Key feature : use OAuth (3-legged!)

To invite followers from Twitter to FriendFeed, the service need to have authorized to access follow information and register follower.
For such a process, OAuth is desined.
And, OAuth's "easy-to-use" is already proved by Mobster World :)

Service programs can be located on VPS, but secure info (Request Key) is encrypted|digested, and shall be stored in more secure place.
So, service system deployment starts from SSL key signing.
Every step needs SSL communication between VPS (application server) and secure storage server.
If you using trustfull (using all by yourself, and all well-known ports are protected neatly) server, both application and secure storage server can be the same one :-)
This would be low performance, slow in latency, but this is not so much frequently used application that it has no problem.

Key feature : Informed concent before OAuth steps.

It's partly because of complexity of registration step. You want to be informed enough to keep motivation during long way.

  • registration
    • Inform the risk
    • Inform how to reboke
    • force to check reboke page
    • guide how to use
      • add/remove follow from this application
      • automatic sync follow status on every 30 minutes
      • manually sync follow status
    • guide registration step (2 step)
    • start registration
      • declear that your id is the same as FriendFeed
  • login
    • use FriendFeed OAuth (OpenID of twitter might be straight forward to explain, :-)
    • need cookie (expires shortly,,,, mmm,

No comments:

Post a Comment