@Josh
By 'interface' I meant 'user interface', the html / ajax view. To clear
things up a little I made this diagram.
@All
With the input I've gotten, generally, it sounds like the idea I've come up
with is acceptable in terms of function and complexity, comparable to other
methods.
I do want to
AJ, this situation might be indicating that using a single sign-on
solution across both the JT and CM would do the trick very nicely.
If in fact both the JT and CM have the concept of user accounts then you
could use a single sign-on package in order to set things up so that
logging into one
*Short: *
A user which exists on one site must be able to use the API of another site
without logging in to that site. I think a token mechanism is the way to go
but I want input.
The *problem* is that John is logged into JT, not CM, and he doesn't have an
account on CM.
The *proposed solution*
AJ ONeal coola...@gmail.com writes:
A user which exists on one site must be able to use the API of another site
without logging in to that site. I think a token mechanism is the way to go
but I want input.
[…]
P.S. What do you call XSS when you're talking about proper XSS rather than
AJ,
Maybe I'm misunderstanding the problem, but this seems like it may be
a job for OAuth:
http://oauth.net/
Thanks,
Bradley
On 4/15/09, AJ ONeal coola...@gmail.com wrote:
*Short: *
A user which exists on one site must be able to use the API of another site
without logging in to that site.