[OSM-dev] The future of Potlatch

Tom Carden tom at tom-carden.co.uk
Thu May 1 21:48:51 BST 2008


2008/5/1 Frederik Ramm <frederik at remote.org>:
>  there would
>  have to be a way for this outside thing to issue API requests "on
>  behalf of" a certain user, and ideally without the user having to give
>  away his password. I'm confident this will be solved (and give us
>  single login for other services along the way).
>

I was trying to stay out of this thread, but someone should really
mention OAuth at this point.

I'm not sure if anyone is working on this already for OSM, but it's
rapidly emerging as a de-facto standard for delegated authentication,
getting rid of the password anti-pattern. I believe Rails libraries
are available.

http://oath.net

Tom.




More information about the dev mailing list