[OSM-dev] API suggestion - "authorise"?

Nick Whitelegg nick at hogweed.org
Sun Nov 18 10:41:06 GMT 2007


On Saturday 17 Nov 2007 16:20, Lambertus wrote:
> I agree, but on the other hand, how paranoid do you want to be?
>
> Anyway, changing the forum to use a future HTTPS API authentication is
> simple. Dunno if the forum authentication itself is easy to change to
> HTTPS.
>
> Maybe 3rd parties need to allow users to choose between using OSM API auth
> or a specific auth for that 3rd party service. That way, if you do not
> trust the 3rd party you can use a separate account for that service.

A specific authorisation for the third party service (Freemap in my case) 
would be *more* problematic though, I'd have thought. For this to work in my 
case (freemap/osmajax) one would have to set up a special OSM account for all 
Osmajax edits, and anyone who did any copyright-infringing editing would be 
less traceable. If this OSM account was used for copyright infringement, then 
*all* edits by that account would presumably have to be reversed, affecting 
*all* its users (not just one).

Non-expert opinion: I think at the end of the day people will just have to
trust that I'm not using their logins for nefarious means, and if they don't, 
they have the option not to use it. Likewise if people want to use their 
PayPal password for different accounts, again it's their own responsibility.
It seems to be part of a bigger question as to how does one use web APIs (and 
web APIs by their nature are designed to be used by third parties) requiring 
authentication without these sorts of issues coming up?

Nick



