[josm-dev] JOSM Applet

Sebastian Klein bastikln at googlemail.com
Thu Mar 3 16:05:09 GMT 2011 

Dirk Stöcker wrote:
> Hello,
> 
>>> What is the difference to PL2? It is developed in openstreetmap.org svn
>>> repository and Tom Hughes updates the binary regularly for rails [1]. We
>>> should go all the way and even use the same authentication method. I
>>> don't know the details, but apparently an OAuth token is automatically
>>> issued for Potlatch 2 the first time it is used.
> 
> Well, that does not solve the issue. When you use OAuth with JOSM applet
> you also need no OSM-login, but you need to login at JOSM server. This is
> the same for potlatch, where you need to login at Potlatch server.

What are you talking about? You don't have to go to geowiki.com.

Put yourself in the place of a user that is very inexperienced:

 * oh, there is this openstreetmap thing I heard about, let's check it out
 * go to www.openstreetmap.org and sign up - this is normal, every website has login nowadays
 * zoom the map, select PL2 from the edit tab list, add some POI, click save, enter changeset command, done!

The OAuth thing happens completely behind the scenes, everything works smoothly with a single login.


Now, for the josm applet, there are further hurdles:

 * You have go to another domain. (Understandable if you know the project better, but a little strange for a newcomer.)
 * You are supposed to enter another login, the JOSM wiki this time. Most users will have to sign up first and wonder why this is required.
 * In addition (even if you are sill logged in at the osm.org website) you have to enter the osm login again (at least once). (Or use OAuth which is more difficult at the moment.)

> Somewhen you need to login. The question is only whether you login at
> josm.openstreetmap.de or www.openstreetmap.org. Not such a big difference
> in my eyes.
>> I think it would be cool to have something similar for the JOSM applet,
>> but of course that would mean that whoever checks out the applet to
>> osm.org would have to take some responsibility for it not being a
>> security hole.
> 
> Somehow I believe again (this time both of you) don't know JOSM's
> features. We already can do the server communication with additional
> authentication. When running on the OSM server, OAuth-request could also
> be handled automatically, as login is already done. But what we need in
> any case is an initial login. There is no way around it.

Yes, but the openstreetmap account is needed anyway and you may log in for other reasons, e.g. check the settings or write a diary entry. Why should it be required to sign up and login on yet another site to "simply" start one of the osm editors?


Sebastian

More information about the josm-dev mailing list