i'd like to put together a spec for letting users authorize remote
application access without giving away their actual password.
here's a very preliminary idea:
1) remote webapp links to, say,
del.icio.us/auth?return=http://place.to.send.auth.key/
2) user ends up on a page that tells him 'grant access to
http://place.to.send.auth.key for write/read/decline'
3) chooses read or write or whatever and is redirected to
http://place.to.send.auth.key/?user=xyz&key=abc and this is logged to some
del.icio.us database. (or maybe this should be POST)
4) api will accept either password or the auth key
thoughts?
--
joshua schachter
[EMAIL PROTECTED]
_______________________________________________
discuss mailing list
discuss@del.icio.us
http://lists.del.icio.us/cgi-bin/mailman/listinfo/discuss
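
The four steps proposed in the message above, modelled as an added example (not part of the original post and not del.icio.us code). The class and method names, the random key format, storing only a hash of each key, and treating "write" as including "read" are assumptions made for the illustration.

```python
import hashlib, hmac, os, secrets
from urllib.parse import urlencode, urlparse

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthService:
    """Toy model of the service side of the proposal (hypothetical names)."""
    def __init__(self):
        self.passwords = {}  # user -> (salt, password hash); constructed sample store
        self.grants = {}     # sha256(key) -> (user, return_url, scope): the logged grants

    def add_user(self, user, password):
        salt = os.urandom(16)
        self.passwords[user] = (salt, _pw_hash(password, salt))

    def grant(self, user, return_url, choice):
        """Steps 2-3: the user picks read/write/decline; return the redirect URL."""
        if choice not in ("read", "write", "decline"):
            raise ValueError("unknown choice")
        if urlparse(return_url).scheme not in ("http", "https"):
            raise ValueError("return URL must be http(s)")
        if choice == "decline":
            return return_url  # no key issued, nothing logged
        key = secrets.token_urlsafe(32)  # unguessable, unrelated to the password
        digest = hashlib.sha256(key.encode()).hexdigest()
        self.grants[digest] = (user, return_url, choice)
        sep = "&" if urlparse(return_url).query else "?"
        return return_url + sep + urlencode({"user": user, "key": key})

    def api_allows(self, user, credential, op):
        """Step 4: the api accepts either the password or an auth key."""
        if user in self.passwords:
            salt, stored = self.passwords[user]
            if hmac.compare_digest(stored, _pw_hash(credential, salt)):
                return True  # real password: full access
        digest = hashlib.sha256(credential.encode()).hexdigest()
        grant = self.grants.get(digest)
        if grant is None or grant[0] != user:
            return False  # unknown key, or key issued for another user
        return op == "read" or grant[2] == "write"  # assumption: write implies read
```

Because step 3 carries the key in the redirect URL's query string, it can end up in browser history and web server logs; the POST alternative the message mentions keeps it out of the URL.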