[OSM-dev] User authentication/Single sign on (was: Proposal for a map-bug tracker)

[Matt Amos]

On Fri, Nov 28, 2008 at 11:45 PM, Frederik Ramm <frederik at remote.org> wrote:
> A user talking to System X must be able to prove to System X that he is
> OpenStreetMap user Z, without System X gaining any privileged information.

better still, the user gets to say exactly what information system X
can access, how long for and to revoke it whenever they feel like it.
(i.e: OAuth).

> As far as I know this has nothing to do with LDAP, or does LDAP
> somewhere specify a scheme like that?

ldap is "just" a directory protocol - it specifies nothing about how
the information it stores can be used.

> What we need is probably OAuth.

+1. OAuth is exactly what we need and there are gems and rails
adaptors for it. i've had a play with it and it looks very cool. we
integrate that with the server code, add some mandatory access bits
(can write to the api, can read/write gpx traces, can read/write user
prefs, diaries, etc...) and everything conforms to a well-known
standard for which there are many client libraries.

> (unless we want to write our own version of the above)

-1 billion. standards are good - but the world doesn't need another one ;-)

cheers,

matt