[OSM-dev] OpenID for OpenStreetMap?

Samat K Jain lists at samat.org
Fri Feb 11 05:59:18 GMT 2011


On Thursday, February 10, 2011 03:01:21 PM Matt Amos wrote:
> On Thu, Feb 10, 2011 at 8:09 PM, Serge Wroclawski <emacsen at gmail.com> wrote:
> > On Thu, Feb 10, 2011 at 2:24 PM, Matt Amos <zerebubuth at gmail.com> wrote:
> >> i might be missing the point here, but are you suggesting that OSM
> >> would be an openID provider, consumer or both?
> >
> > I'm suggesting that instead of taking on a technology, we take on a
> > set of requirements, or needs, and address them. And from there I'm
> > saying that OpenID itself is a side issue.

The reason I focus on OpenID is that code for the rails port, the help site, and wiki (I don't know about other OSM web properties? the forum?) already exists.

> ok - so what's the problem, or "requirement" in corporate-speak, that
> we're trying to address here?

I wasn't very clear in my original e-mail, sorry… in short, numbered form:

1. Make it easier for users to sign up, and for existing users to login.
2. Eliminate extra, confusing, and unnecessary logins for other OSM websites (help, wiki, forum, etc).
3. A single sign on system—login into one OSM site, and you're logged into all (i.e. what Canonical's Launchpad does).

1 and 2, as I understand it, can be realized tomorrow by turning OpenID on—the devil, of course, is UX details. 3 will require a bit more thinking and programming, if it's an important problem to solve.

> > That sounds like it makes non-web based editors hard to develop.
> 
> nope. the user has to log into the website to authorize an OAuth token
> - what does it matter whether they log in via the usual username and
> password or OpenID? certainly it doesn't matter to the editor, even if
> it's doing some sort of ugly hack like JOSM's "fully automatic" mode.

OpenID does _nothing_ for authentication with "3rd party clients" (i.e. editors). Bringing it up is confounding different issues. I should reiterate that I am no way suggesting that OpenID _replace_ OSM usernames/passwords, but I am suggesting it augment them.

It's worth pointing out, however, that Google has an OpenID/OAuth "hybrid protocol":

  http://googledataapis.blogspot.com/2009/01/bringing-openid-and-oauth-together.html

But this still aimed at the web only.

-- 
Samat K Jain <http://samat.org/> | GPG: 0x4A456FBA

I fell asleep reading a dull book, and I dreamt that I was reading on, so I woke up from sheer boredom.
-- None (496)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20110210/77ca24d3/attachment.pgp>


More information about the dev mailing list