“Dave Winer proposes”:www.scripting.com/stories/2… a simple solution to revoking authentication in web services:
"Now imagine that Twitter had a page that showed all the IP addresses that have used your login in the last 30 days, with a start date for each and a count of calls made. I bet you could figure out which one was The Greasy Spoon Group, pronto. Further suppose there was a checkbox next to each IP address. You could uncheck that one, click Submit, and voila, no more spam from your account."
There are important things missing here, such as not sharing your credentials, but I have to admit I do like the simplicity. If the hostnames were grouped by user agent, the UI wouldn’t even be half bad. If nothing else, maybe this will light a fire under OAuth implementors to get moving. (And I count myself in that group too, since I’m involved with some services that need OAuth pretty badly.)
If you “string together tweets from Alex Payne”:search.twitter.com/search it makes for an interesting narrative about OAuth too.