On Thursday October 30, 2008 00:49:39 Christian Scholz wrote:
> I haven't looked at it in detail but as you mentioned OAuth as well I
> wanted to point out that those things attached to an access token might
> be very fine grained permissions like I allow somebody to see my
> fullname but not my email address.. I am not sure this will be modelled
> with having a permission for each profile field (profile is just an
> example anyway).
> So in this case I'd like to get the actually token key and let the app
> decide what it means.
> Not sure this is an issue but I wanted to point it out :)
To be honest, I've not dived yet on how to use OAuth in this context and thus
it's not clear to me how it can be done, but it's very likely that it'll be
complex and possible will work independently of our Users+Permissions+Groups
based authorization system.
But I think it worths it, although I need to give thought to how implement it
when it's the time to do it (unless somebody wants to start working on this
Gustavo Narea <http://gustavonarea.net/>.
Get rid of unethical constraints! Get freedomware:
Repoze-dev mailing list