[OSM-dev] The future of Potlatch

Tom Hughes tom at compton.nu
Thu May 1 23:04:06 BST 2008

In message <16e8cf860805011348jed1acdcs61e65ef29805f6df at mail.gmail.com>
          "Tom Carden" <tom at tom-carden.co.uk> wrote:

> I was trying to stay out of this thread, but someone should really
> mention OAuth at this point.
> I'm not sure if anyone is working on this already for OSM, but it's
> rapidly emerging as a de-facto standard for delegated authentication,
> getting rid of the password anti-pattern. I believe Rails libraries
> are available.
> http://oath.net

So rapidly emerging that I'd never heard of it before...

How does it compare to OpenID, which is what people normally ask us for?

I'm not sure it's relevant to the issue at hand here anyway, as I think
it's not an issue at all. We already support token based authentication
so all it needs is an API call on the site that will return a token and
what Frederik wants can work.

Potlatch already uses token based authentication in fact, it's just
that the token is created behind the scenes by rails and embedded in
the HTML page it returns which starts the flash applet.


Tom Hughes (tom at compton.nu)

More information about the dev mailing list