[Responding selectively, this thread is getting long.]

Emmanuele Bassi <eba...@gmail.com> wrote:
...
>> The main factor has always been about how we handle identity. If we
>> give online accounts access to 3rd party apps, we're giving them
>> access to the GNOME keys. They appear as "GNOME" to online providers
>> and their access is bundled up with our own. As a result, we lose the
>> ability to ensure that the GNOME keys are being used in accordance
>> with providers' terms and conditions.
>
> This is because we never specified a way to get third party keys stored
> inside GOA as part of a process to get third party modules to it.

If apps could provide their own keys that would certainly change the picture (I didn't actually know it was a possibility.) It would also change the nature of Online Accounts of course; it's always been designed as part of the system, that's used by the system and the core apps. Might take a little thought.

>> From a design perspective that's never been something we've wanted to
>> do, both from a branding and identity perspective, as well as from a
>> "oh shit we can't access Google any more, because some random app did
>> something they didn't like".
>
> We can communicate that a key has been revoked by a service in the same way
> we communicate that the user needs to re-authenticate themselves.

That would work if apps can provide their own keys. The concern in the past has always been around GNOME's keys potentially being blacklisted.

Allan