[OSM-talk] User diary enhancements, subscriptions, Facebook/Twitter integration

Kai Krueger kakrueger at gmail.com
Mon May 9 16:56:20 BST 2011


Serge Wroclawski-2 wrote:
> 
> The first solution, using OAuth against what was a RESTful API, is bad.
> 

Whether OAuth fits the ideology of a RESTful API or not, it is already
heavily used in OpenStreetMap.

OAuth is the preferred method of authenticating JOSM against the API, it is
the only(?) way that Potlatch 2 can authenticate, various other editors and
POI collectors currently use OAuth and it is the recommended way to talk to
the API. If I remember correctly at some point even the idea of disabling
password based authentication was briefly maintained to prevent the password
being sent in cleartext all the time.

So given that OAuth is already heavily used, I don't see an issue with
relying on it for the purpose of OpenID. 

And should you really want to use one of those few applications that don't
support OAuth yet, there is the option of still using the password, although
indeed that would defeat much of the purpose of OpenID.

Kai  

--
View this message in context: http://gis.638310.n2.nabble.com/User-diary-enhancements-subscriptions-Facebook-Twitter-integration-tp6340003p6344736.html
Sent from the General Discussion mailing list archive at Nabble.com.



More information about the talk mailing list