Hi, Ian Dees wrote: > Can we start a thread discussing what is required/wanted in a changeset > tool? What should such a tool do besides "revert changes from changeset x"?
I think it would be best to first concentrate on some kind of OpenAuth support (or something homebuilt) that would allow a third-party application to execute API calls on behalf of a user. Something like * user tells application "please revert changeset" * application redirects user to API * API tells user "please authenticate for application X" * user enters credentials * API redirects user back to application, with magic token * application makes API requests using magic token I don't know how far existing technologies can be used to achieve this; I believe OpenAuth only goes so far as to tell the application "yes, that guy really is user abc123 at my site", it doesn't do the second bit. I believe we could solve this using changesets with relative ease, by adding an "auth_token" field to a changeset and allowing database updates with *either* username+password (as before) *or* username+auth_token (of an open changeset created for this user). This would mean that the user could open a changeset with the API and then pass on the token to third-party applications, which would then be able to make changes on behalf of this user, but only within that one changeset. This might or might not require far-reaching changes to a lot of API components. Maybe it's just the auth code that needs a few extra lines. Other ideas will of course also work, this is just one way of doing it. Without such an "executing stuff on behalf of user" mechanism, any revert (or other) tool would have to ask the user for his username/password (and, therefore, his trust). This is not such a big deal for software that people download and install locally, but we would not want to encourage people to enter their OSM credentials with any third party web site. Bye Frederik -- Frederik Ramm ## eMail [email protected] ## N49°00'09" E008°23'33" _______________________________________________ dev mailing list [email protected] http://lists.openstreetmap.org/listinfo/dev
