On Thursday, February 10, 2011 03:01:21 PM Matt Amos wrote: > On Thu, Feb 10, 2011 at 8:09 PM, Serge Wroclawski <[email protected]> wrote: > > On Thu, Feb 10, 2011 at 2:24 PM, Matt Amos <[email protected]> wrote: > >> i might be missing the point here, but are you suggesting that OSM > >> would be an openID provider, consumer or both? > > > > I'm suggesting that instead of taking on a technology, we take on a > > set of requirements, or needs, and address them. And from there I'm > > saying that OpenID itself is a side issue.
The reason I focus on OpenID is that code for the rails port, the help site, and wiki (I don't know about other OSM web properties? the forum?) already exists. > ok - so what's the problem, or "requirement" in corporate-speak, that > we're trying to address here? I wasn't very clear in my original e-mail, sorry… in short, numbered form: 1. Make it easier for users to sign up, and for existing users to login. 2. Eliminate extra, confusing, and unnecessary logins for other OSM websites (help, wiki, forum, etc). 3. A single sign on system—login into one OSM site, and you're logged into all (i.e. what Canonical's Launchpad does). 1 and 2, as I understand it, can be realized tomorrow by turning OpenID on—the devil, of course, is UX details. 3 will require a bit more thinking and programming, if it's an important problem to solve. > > That sounds like it makes non-web based editors hard to develop. > > nope. the user has to log into the website to authorize an OAuth token > - what does it matter whether they log in via the usual username and > password or OpenID? certainly it doesn't matter to the editor, even if > it's doing some sort of ugly hack like JOSM's "fully automatic" mode. OpenID does _nothing_ for authentication with "3rd party clients" (i.e. editors). Bringing it up is confounding different issues. I should reiterate that I am no way suggesting that OpenID _replace_ OSM usernames/passwords, but I am suggesting it augment them. It's worth pointing out, however, that Google has an OpenID/OAuth "hybrid protocol": http://googledataapis.blogspot.com/2009/01/bringing-openid-and-oauth-together.html But this still aimed at the web only. -- Samat K Jain <http://samat.org/> | GPG: 0x4A456FBA I fell asleep reading a dull book, and I dreamt that I was reading on, so I woke up from sheer boredom. -- None (496)
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ dev mailing list [email protected] http://lists.openstreetmap.org/listinfo/dev
