Monday 17 September 2012

What is an API key for?


There are three parts of security for APIs:


  • Identity - who is making an API request?
  • Authentication - are they really who they say they are?
  • Authorization – are they allowed to do what they are trying to do?

I was never sure where to place the API key among these security issues, and I found this explanation. I reckon it's clear and informative.

Take Yahoo and Google maps – they are fairly open.  They want to know who you are but they aren’t concerned what address you are looking up. So they use an API key to establish identity, but don’t authenticate or authorize. So if you use someone else’s API key, it’s not good but not a serious security breach. The API key lets them identify (most likely) who is making an API call so they can limit on the number of requests you can make. Identity is important here to keep service volume under control.

http://blog.apigee.com/detail/do_you_need_api_keys_api_identity_vs._authorization
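A sketch of the identity-only model described above, added here as an example (it is not code from the quoted article or from any maps provider). The key value, application name, quota size and HTTP-style status codes are assumptions chosen for illustration.

```python
import time

# Constructed sample registry: API key -> registered application name.
REGISTERED_KEYS = {"key-maps-demo-001": "acme-store-locator"}


class KeyQuota:
    """Fixed-window request counter keyed by API key (identity only)."""

    def __init__(self, limit=3, window_seconds=86400, clock=time.time):
        self.limit = limit            # assumed small quota, easy to follow
        self.window = window_seconds
        self.clock = clock            # injectable so the demo runs instantly
        self.counters = {}            # api_key -> (window_start, count)

    def handle(self, api_key, address):
        # Identity: map the presented key to a registered application.
        app = REGISTERED_KEYS.get(api_key)
        if app is None:
            return 403, "unknown API key"
        # No authentication: nothing here proves the caller owns the key.
        # No authorization: any address may be looked up.
        now = self.clock()
        start, count = self.counters.get(api_key, (now, 0))
        if now - start >= self.window:
            start, count = now, 0     # new window, reset the counter
        if count >= self.limit:
            return 429, f"quota exceeded for {app}"
        self.counters[api_key] = (start, count + 1)
        return 200, f"looked up {address!r} for {app}"


def demo():
    fake_now = [0.0]
    quota = KeyQuota(clock=lambda: fake_now[0])
    key = "key-maps-demo-001"
    # The key's owner makes four calls; the fourth exceeds the quota.
    statuses = [quota.handle(key, "1 Main St")[0] for _ in range(4)]
    # A different caller presenting the same key is indistinguishable from
    # the owner: the request is attributed to, and limited as, the owner.
    statuses.append(quota.handle(key, "2 Side St")[0])
    statuses.append(quota.handle("not-registered", "1 Main St")[0])
    fake_now[0] += 86400              # the next window starts
    statuses.append(quota.handle(key, "1 Main St")[0])
    return statuses


if __name__ == "__main__":
    print(demo())
```

The only thing the service learns from the key is which registered application to count the request against, which is why a key used this way should be treated as an identifier rather than a credential.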

Analogy of public key


I like this analogy of the public key very much. The analogy is that of a locked store front door with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is in essence the public key. Anyone knowing the street address can go to the door and drop a written message through the slot. However, only the person who possesses the matching private key, the store owner in this case, can open the door and read the message.

Thursday 6 September 2012

The WWW's initial idea of hyperlinks vanishes as we rely more and more on Google PageRank

PageRank is an intuitive algorithm, but the more we rely on it, the worse its accuracy gets. What is the reason for this? PageRank relies on hyperlinks, but now it is easier to Google anything than to remember a hyperlink. So newer pages have fewer hyperlinks, which is very bad for PageRank. Tim Berners-Lee, a CERN worker, is the inventor of the WWW, and his initial idea was based on scientific documents having links to other documents. This was the inspiration for hyperlinks. Now, instead of giving an exact hyperlink, we say 'google for these words and for sure you'll find what you're looking for'. We got rid of hyperlinks in favour of the more intuitive Google search engine.

We find it hard to remember facts, so we increasingly use Google, but there is a dangerous consequence. If our supposedly associative memories rely on building associations, which are strengthened when traversed during recall, then the more we use Google the less we can remember! The conclusion is to use Google only when it's absolutely needed and to be more precise by including links to the information, as Tim Berners-Lee recommended. It's probably not viable or practical to follow these rules, so we have to improve the existing algorithm every which way. Probably, in the end, we'll have to come up with another idea for indexing documents.

Fortunately, not all hope is lost. Mere indexing is poor at capturing deeper associations between documents, words and concepts. However, as we search and retrieve, we also divulge the relative relevance of search results. Google exploits such relevance feedback and, for example, analyses how many seconds we stay on a page. If only for a few seconds, it means that the page wasn't relevant for us, but if we opened a link and didn't repeat the search, it means that this was a relevant result.

Ok, but what about us? Exercising recall abilities is not the only time connections are built. We create fresh connections when reasoning, which in turn is based on lots of facts. Google provides these abundantly and easily, encouraging more reasoning, and so building more, probably deeper, associations!