There's no easy way to prevent a url from using a password or
whatever, since they aren't actually objects that have actions.
There's only IP addresses or authentication pairs (username,
password, etc)
I don't see this solution particularly different from what I propose
aside from making the user do more stuff to authenticate an application.
Joshua
Hi,
regarding remote authorization, the proposed method seems complex.
I suggest the following - each user can have multiple passwords.
1) In "del.icio.us remote auth settings" I can add/delete URLs.
2) Adding an URL returns a new password for my user, that only works
for the given URL.
3) Removing an URL revokes password, thus denying the remote
application's access to my data.
4) del.icio.is keeps a log for each interaction from the remote app -
I can check it and audit what the remote app is doing.
5) I give my del.icio.us username plus my new password to the
remote app.
Plus: The user could be able to set permissions for each new URL.
Example: just read,, read/write, just access tags: X1, X2, X2...,
don't access to tags: Y1, Y2..., etc.
Seems more simple and intuitive for the user.
Sérgio Nunes
Date: Sun, 11 Sep 2005 23:13:50 -0400
From: joshua schachter <[EMAIL PROTECTED]>
Subject: [delicious-discuss] remote app auth
i'd like to put together a spec for letting users authorize remote
application access without giving away their actual password.
here's a very preliminary idea:
1) remote webapp links to, say, del.icio.us/auth?return=http://
place.to.send.auth.key/
2) user ends up on a page that tells him 'grant access to http://
place.to.send.auth.key for write/read/decline'
3) chooses read or write or whatever and is redirected to http://
place.to.send.auth.key/?user=xyz&key=abc and this is logged to some
del.icio.us database. (or maybe this should be POST)
4) api will accept either password or the auth key
thoughts?
--
joshua schachter
[EMAIL PROTECTED]
_______________________________________________
discuss mailing list
discuss@del.icio.us
http://lists.del.icio.us/cgi-bin/mailman/listinfo/discuss
--
joshua schachter
[EMAIL PROTECTED]
_______________________________________________
discuss mailing list
discuss@del.icio.us
http://lists.del.icio.us/cgi-bin/mailman/listinfo/discuss