[OSM-dev] API suggestion - "authorise"?
D Tucny
d at tucny.com
Sun Nov 18 04:09:24 GMT 2007
n 18/11/2007, Lambertus <osm at na1400.info> wrote:
>
> I agree, but on the other hand, how paranoid do you want to be?
>
> Anyway, changing the forum to use a future HTTPS API authentication is
> simple. Dunno if the forum authentication itself is easy to change to
> HTTPS.
>
> Maybe 3rd parties need to allow users to choose between using OSM API auth
> or a specific auth for that 3rd party service. That way, if you do not
> trust
> the 3rd party you can use a separate account for that service.
For me, I'd trust *.openstreetmap.org with my openstreetmap user details,
but, I wouldn't trust random 3rd party site... If random 3rd party site only
offered the option of using my openstreetmap user details, I'd probably just
not use it until I could be bother to check out how legit it was... There
have been lots of 3rd party sites taking authentication information for
other services and misusing it over the years... think phishing
(paypal/ebay/random banks) as a good example... OK, openstreepmap details
right now may not carry much value as everyone can create one and do the
same things as everyone else, but, as the web interface, community related
functionality and any trust based access levels and other services get
integrated, perhaps more thought would need to go into how authentication is
allowed to give better protection...
d
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20071118/5223026a/attachment.html>
More information about the dev
mailing list