[OSM-dev] Changeset Revert Tool
frederik at remote.org
Wed Apr 22 07:43:55 BST 2009
Ian Dees wrote:
> Can we start a thread discussing what is required/wanted in a changeset
> tool? What should such a tool do besides "revert changes from changeset x"?
I think it would be best to first concentrate on some kind of OpenAuth
support (or something homebuilt) that would allow a third-party
application to execute API calls on behalf of a user.
* user tells application "please revert changeset"
* application redirects user to API
* API tells user "please authenticate for application X"
* user enters credentials
* API redirects user back to application, with magic token
* application makes API requests using magic token
I don't know how far existing technologies can be used to achieve this;
I believe OpenAuth only goes so far as to tell the application "yes,
that guy really is user abc123 at my site", it doesn't do the second bit.
I believe we could solve this using changesets with relative ease, by
adding an "auth_token" field to a changeset and allowing database
updates with *either* username+password (as before) *or*
username+auth_token (of an open changeset created for this user). This
would mean that the user could open a changeset with the API and then
pass on the token to third-party applications, which would then be able
to make changes on behalf of this user, but only within that one changeset.
This might or might not require far-reaching changes to a lot of API
components. Maybe it's just the auth code that needs a few extra lines.
Other ideas will of course also work, this is just one way of doing it.
Without such an "executing stuff on behalf of user" mechanism, any
revert (or other) tool would have to ask the user for his
username/password (and, therefore, his trust). This is not such a big
deal for software that people download and install locally, but we would
not want to encourage people to enter their OSM credentials with any
third party web site.
Frederik Ramm ## eMail frederik at remote.org ## N49°00'09" E008°23'33"
More information about the dev