Desktop apps would presumably be trusted by the user (although obviously still subvert-able ). Just plug in your userid and password.
The auth scheme I am proposing would be for other webapps only. Joshua
The thing I don't like about these auth schemes, is that it's web-based. Sounds stupid, but one thing that makes del.icio.us and other services like that provide an API so great, is that they allow development and use of non-web-apps (like cocoalicious and others). Forcing these apps to send the user to a browser and from there back to the app is even worse than annoying. (Not to say, that the proposed scheme, through it's use of Redirection makes desktop apps quite hard to do ... they'd have to accept HTTP request in order to retrieve the auth key). Or did I miss something, and this is totally easy? Cheers Benjamin
-- joshua schachter [EMAIL PROTECTED] _______________________________________________ discuss mailing list discuss@del.icio.us http://lists.del.icio.us/cgi-bin/mailman/listinfo/discuss