On Wed, 23 Jan 2019 at 14:21, Allan Day <a...@gnome.org> wrote: > [Responding selectively, this thread is getting long.] > > Emmanuele Bassi <eba...@gmail.com> wrote: > ... > >> The main factor has always been about how we handle identity. If we > >> give online accounts access to 3rd party apps, we're giving them > >> access to the GNOME keys. They appear as "GNOME" to online providers > >> and their access is bundled up with our own. As a result, we lose the > >> ability to ensure that the GNOME keys are being used in accordance > >> with providers' terms and conditions. > > > > This is because we never specified a way to get third party keys stored > inside GOA as part of a process to get third party modules to it. > > If apps could provide their own keys that would certainly change the > picture (I didn't actually know it was a possibility.) It would also > change the nature of Online Accounts of course; it's always been > designed as part of the system, that's used by the system and the core > apps. Might take a little thought. >
We had a key store for web services API keys in Moblin/MeeGo, as part of libsocialweb, mostly because we couldn't have OEMs ship with Intel OTC keys, and OEMs didn't want to make their key public either. :-) Re-implementing that would not be hard, especially if we make it a prerequisite that new services must come with their own key. Additionally, it would let downstream vendors ship their own keys, if they are so inclined. Ciao, Emmanuele. -- https://www.bassi.io [@] ebassi [@gmail.com]
_______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/desktop-devel-list
