[OSM-dev] Setting up editing interface on www.openstreetmap.org

Nick Hill nick at nickhill.co.uk
Tue Nov 28 01:27:23 GMT 2006

Hello Christopher.

Christopher Schmidt wrote:
> I have an existing Python CGI script which makes it simple for me to do
> editing via the OSM API with my username. In order to have edits be
> attributed to the user who made them, I need some access to the user
> credentials such that I can reuse them. Unfortunately, it seems like
> this access is not possible via anything that is currently set up.

I don't understand why the script will need access to OSM credentials. I would 
presume the user will provide credentials which can be cached client-side and 
passed to the CGI script.

> I can modify my Python CGI script so that it will PUT data via an
> XMLHttpRequest -- this will ask the user for the login name/passfor
> the OSM API when the PUT is committed. This is the minimal effort for
> me: I could convert my Python CGI script to do this in something like an
> hour. This means putting a small Python script (which would mostly look
> like http://labs.metacarta.com/osm/edit.txt) on the OSM server, under
> the www.openstreetmap.org domain.

> Alternatively, I could modify the script to use the database directly,
> rather than the API. Since I don't know Ruby, this would probably be
> high cost for relatively little gain, comparitively. (If I had to
> rewrite my code to ruby, it would probably simply never happen.)

Again, I think I am missing something; the OSM API is accessible through http. 
The only layer which AIUI is ruby-specific is the data access object, a layer 
below the API containing a collection of SQL queries. Below the DAO, we have the 
raw MySQL connection.

> Essentially, the edit.txt above is a simple attribute editor. It would
> let anyone edit the attributes of a way by going to edit.cgi?way=43245,
> which I think would be a useful tool to have in general, but I'm not
> sure how you feel about putting it under the OSM domain. (Obviously, it
> would be placed into SVN and under OSM's control, not mine.)

I would characterise this as an extension of the API, with a paradigm shift.

In the same way as the API requires http auth, the intermediate script could 
require auth (whether plain text or cyphered) which in turn percolates to the 
OSM API. Am I on the right track, or am I misunderstanding?

> Could you advise on how you would like this matter to proceed? 

Assuming I am on the right track, could you look at whether credentials can 
percolate from the client, through your script to the OSM http API? I may be 
able to help with this if you find a blocker.



More information about the dev mailing list