[OSM-dev] API suggestion - "authorise"?
Marcus Wolschon
Marcus at Wolschon.biz
Sun Nov 18 07:02:49 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
D Tucny schrieb:
>> Maybe 3rd parties need to allow users to choose between using OSM API auth
>> or a specific auth for that 3rd party service. That way, if you do not
>> trust
>> the 3rd party you can use a separate account for that service.
>
>
> For me, I'd trust *.openstreetmap.org with my openstreetmap user details,
> but, I wouldn't trust random 3rd party site... If random 3rd party site only
> offered the option of using my openstreetmap user details, I'd probably just
> not use it until I could be bother to check out how legit it was... There
> have been lots of 3rd party sites taking authentication information for
> other services and misusing it over the years... think phishing
What about implementing OpenID here? You are redirected to the osm-site
and enter your password only there, hever on the 3rd-party site.
It's pretty easy to implement.
Marcus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHP+OYf1hPnk3Z0cQRApGqAJ9w6CsST5saKWuE9ho6dS0yhy81nACfUocC
LzSDKzsoYFvgE+bJRn3li2U=
=no80
-----END PGP SIGNATURE-----
More information about the dev
mailing list