Re: [OSM-dev] Using native social SDK for signing in to OSM on mobile

[Simon Poole]

If I understand Ilya correctly what he wants to avoid is (the hassle of)
the authorisation step when using OAuth. During this process you need to
login to openstreetmap.org with your credentials and then confirm that
the app is allowed to access the API on your behalf.

To see what is involved in practical terms you can try to use the HOT
task manager, maproulette etc (or on a mobile device Vespucci, I assume
Go Map! uses OAuth too, as any current third party app for OSM should).

The authorisation is a one time process (per app) and as such I'm not
quite convinced that the whole discussion isn't a solution looking for a
problem, but Ilya is correct in that it does involve the hassle of
people remembering their google/FB/whatever password. Naturally on a
mobile device you want to minimize typing in any case so I'm mildly in
support of at least investigating what this would entail (it is unlikely
that we would use a proprietary solution in Vepsucci though, on other
devices and with other apps the trade-offs might be different).

The above is a separate but related issue to making the signup process
"mobile friendly"  see
https://github.com/openstreetmap/openstreetmap-website/issues/894 for a
longish discussion.

Simon

Am 24.12.2015 um 15:58 schrieb Greg Troxel:
> Ilya Zverev  writes:
>
>> This can be made a part of a policy for allowing apps to use OSM
>> official social accounts.
> Can you explain what you mean by "OSM official social accounts"?
> Perhaps it is just me that doesn't get it, but I am not following what
> you really mean.
>
>
> ___
> dev mailing list
> dev@openstreetmap.org
> https://lists.openstreetmap.org/listinfo/dev



signature.asc
Description: OpenPGP digital signature
___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

[josm-dev] How to ask for confirmation at layer deletion or exit?

[Holger Mappt]

Hi,

See https://josm.openstreetmap.de/ticket/12075.
The idea is to ask for confirmation if a GeoImageLayer with modified 
image properties is deleted.  What is the best/right way to do that?


The AbstractModifiableLayer seems to serve that purpose.  GeoImageLayer 
could extend AbstractModifiableLayer instead of Layer.  But there is not 
a single file associated with the layer but one file per modified image. 
 There is not really a "recommended action" for the SaveLayersDialog. 
The AbstractModifiableLayer would need to be extended to have something 
like isAbleToUploadToServer() and isAbleToSaveToFile() to disable the 
according check-boxes of the SaveLayersDialog.  The logic in 
Main.saveUnsavedModifications() would need to be changed to consider the 
layer if neither requiresSaveToFile() nor requiresUploadToServer() 
returns true.  Would it make sense to add something like 
requiresSomeAction() to AbstractModifiableLayer and 
Main.saveUnsavedModifications()?  The "action" could be a string that is 
displayed in the SaveLayersDialog.


Thanks,
Holger

___
josm-dev mailing list
josm-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/josm-dev

Re: [OSM-dev] Using native social SDK for signing in to OSM on mobile

[Greg Troxel]

Simon Poole  writes:

> If I understand Ilya correctly what he wants to avoid is (the hassle of)
> the authorisation step when using OAuth. During this process you need to
> login to openstreetmap.org with your credentials and then confirm that
> the app is allowed to access the API on your behalf.
>
> To see what is involved in practical terms you can try to use the HOT
> task manager, maproulette etc (or on a mobile device Vespucci, I assume
> Go Map! uses OAuth too, as any current third party app for OSM should).

Thanks; I am begininng to understand.  I dimly remember that Vespucci
used to store username/paassword, but recently I tried to upload some
changes and had to go through the oauth process.  Other than having to
know my osm password it was quite trivial, requiring typing 'gdt' and
the password and then changing a few checkboxes.   This seems like a
very nice solution and I particularly appreciate the fine-grained
permissions.

> The authorisation is a one time process (per app) and as such I'm not
> quite convinced that the whole discussion isn't a solution looking for a
> problem, but Ilya is correct in that it does involve the hassle of
> people remembering their google/FB/whatever password. Naturally on a
> mobile device you want to minimize typing in any case so I'm mildly in
> support of at least investigating what this would entail (it is unlikely
> that we would use a proprietary solution in Vepsucci though, on other
> devices and with other apps the trade-offs might be different).

The word "social" (that you didn't use :-) seems confounding in this
discussion.

So is the notion:

  One could link some third-party openid/openauth provider to one's OSM
  account, either manually, or because it was used to sign up.

  On a device, one might already be authorized for this third-party
  openauth/openid provider.

  A program that does OSM stuff (Vespucci, OsmAnd, firefox) might then
  authorize to osm.org via this third-party provider, requiring only a
  yes click to an "authorize to osm via foo" popup?


That seems harmless enough as long as it doesn't lead to proprietary
software showing up in Free programs,  doesn't result in any data
flowing to those third-party sites for users that don't already have a
relationship with them, and doesn't lead to apps suggesting that people
sign up with these other places.


> The above is a separate but related issue to making the signup process
> "mobile friendly"  see
> https://github.com/openstreetmap/openstreetmap-website/issues/894 for a
> longish discussion.

Thanks for the link.  That mostly makes sense, except for the notion
that Android is unusable without a Google account.  I will agree with
"base Android with google stuff (vs CM) is hostile to those without a
google account" though.


signature.asc
Description: PGP signature
___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] ClearTables: Another way to use OSM data for rendering and analysis

[nebulon42]

IMO it would be great if the rendering database of the OSM standard 
layer moved to a custom backend like this. It would take complexity away 
from the style.


nebulon42

Am 2015-12-28 um 05:34 schrieb Paul Norman:

Osm2pgsql has the ability to take a set of transforms[1] to convert
OpenStreetMap data to a fairly arbitrary set of tables, allowing the use
of complex logic written in Lua, a lightweight programming language
often used in embedded applications. Doing this logic in Lua avoids what
can be complex SQL statements, replacing them with Lua functions which
can be unit tested in isolation.

I have been working on a set of these, called ClearTables:
https://github.com/pnorman/ClearTables. Their goal is to simplify use of
the resulting database for rendering and analysis.

- The audience for this is not really this mailing list. A more typical
target would be those who ask questions on gis.stackexchange.com

- The latest release (0.88.1) of osm2pgsql should mostly work, but it's
being developed against 0.89.0-dev.

- There are plenty of features which are not processed yet, and are
being tracked in issues. If there's something that needs adding, opening
a new issue is the best way to provide feedback:
https://github.com/pnorman/ClearTables/issues

- I'm interested in other needs and use cases

- I can pg_dump or provide shapefiles for an area if someone is
interested and is in an environment where they can't build osm2pgsql


[1]: https://github.com/openstreetmap/osm2pgsql/blob/master/docs/multi.md

___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev


___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] Using native social SDK for signing in to OSM on mobile

[Дмитрий Киселев]

And just to mention.

Third party services on the login page and those services on the new user
page are different.

2015-12-28 23:34 GMT+05:00 Ilya Zverev :

> Hi Greg,
>
> Signing in on mobile devices is hard. You click "sign in" and then have to
> remember your login and password. There is an alternative method: facebook
> and google buttons on a login form. You can try them yourself: after
> linking your account with a social account, signing in is just a matter of
> pressing one button.
>
> Registering a new user is much harder on mobile, since you have to type
> everything twice, and then leave for another app to confirm a e-mail.
> Again, with a facebook/google button, you don't have to type anything:
> e-mail and display name are pre-filled, and password is optional. E-mail
> confirmation step is also omitted, since social networks have already
> validated your e-mail. So, registering with facebook or google is a
> straightforward process of 3-4 button clicks and no typing.
>
> But that's on a desktop browser. You most likely have logged in to some
> social accounts on your phone. For example, most android phones are
> unusable without a google account. And millions of iPhone users use
> facebook. So it's safe to assume most mobile users have a permanent login
> to a social account.
>
> I haven't used Vespucci in a while, but I can assume that when you try to
> sign in with it, it opens an inline browser with a login form. You can
> remember and type your login/password, or click on any social button. Alas,
> after that you would have to remember your google/facebook login and
> password, and type them in. Because even if you are already signed in to
> these in your system, browser panes do not share the account. So there is
> no simplification of a signing in process with social buttons in a mobile
> OSM editing app.
>
> I want to use a system-wide social account on mobile devices. So that a
> user could sign in in a mobile OSM app with a single button click (provided
> he/she is logged in to facebook/google on a device). To do that, I need to
> change osm.org source code a bit, adding an endpoint, and to allow
> third-party apps to create "tokens", identification strings, that osm.org
> would be able to use.
>
> The latter requires that the mobile app developer either knows two keys,
> which are currently stored only on osm.org server, or that any app that
> wants to allow social login to be registered by an OWG member who has
> access to facebook/google system account. When you click "facebook" button
> on osm.org login form, you are taken to an "OpenStreetMap" facebook app
> and are asked to allow it your name and e-mail. That is the social
> app/account I'm talking about. You cannot make a working social login in a
> mobile app without having some kind of access to that "OpenStreetMap"
> facebook app.
>
> IZ
>
> > 24 дек. 2015 г., в 17:58, Greg Troxel  написал(а):
> >
> >
> > Ilya Zverev  writes:
> >
> >> This can be made a part of a policy for allowing apps to use OSM
> >> official social accounts.
> >
> > Can you explain what you mean by "OSM official social accounts"?
> > Perhaps it is just me that doesn't get it, but I am not following what
> > you really mean.
>
>
> ___
> dev mailing list
> dev@openstreetmap.org
> https://lists.openstreetmap.org/listinfo/dev
>



-- 
Thank you for your time. Best regards.
Dmitry.
___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] Using native social SDK for signing in to OSM on mobile

[Ilya Zverev]

First, Facebook SDK is open-source. So there are no proprietary solutions 
related to this discussion. Google login SDK is probably open too, though I 
didn't check that.

The discussion with Martijn is about a different things: while he proposes to 
change the whole registration process altogether, possibly removing some 
important steps, I just want to use already existing processes from a mobile 
application. That would involve adding some endpoints to osm.org, and granting 
access to some mobile apps.

JOSM already circumvents the permissions confirmation step, but it still works 
only with login and password. I want to employ social accounts, so a user has 
nothing to type at all.

IZ


> 28 дек. 2015 г., в 15:15, Simon Poole  написал(а):
> 
> 
> If I understand Ilya correctly what he wants to avoid is (the hassle of) the 
> authorisation step when using OAuth. During this process you need to login to 
> openstreetmap.org with your credentials and then confirm that the app is 
> allowed to access the API on your behalf.
> 
> To see what is involved in practical terms you can try to use the HOT task 
> manager, maproulette etc (or on a mobile device Vespucci, I assume Go Map! 
> uses OAuth too, as any current third party app for OSM should).
> 
> The authorisation is a one time process (per app) and as such I'm not quite 
> convinced that the whole discussion isn't a solution looking for a problem, 
> but Ilya is correct in that it does involve the hassle of people remembering 
> their google/FB/whatever password. Naturally on a mobile device you want to 
> minimize typing in any case so I'm mildly in support of at least 
> investigating what this would entail (it is unlikely that we would use a 
> proprietary solution in Vepsucci though, on other devices and with other apps 
> the trade-offs might be different).
> 
> The above is a separate but related issue to making the signup process 
> "mobile friendly"  see 
> https://github.com/openstreetmap/openstreetmap-website/issues/894 for a 
> longish discussion.
> 
> Simon
> 
> Am 24.12.2015 um 15:58 schrieb Greg Troxel:
>> Ilya Zverev 
>>  writes:
>> 
>> 
>>> This can be made a part of a policy for allowing apps to use OSM
>>> official social accounts.
>>> 
>> Can you explain what you mean by "OSM official social accounts"?
>> Perhaps it is just me that doesn't get it, but I am not following what
>> you really mean.
>> 
>> 
>> 
>> ___
>> dev mailing list
>> 
>> dev@openstreetmap.org
>> https://lists.openstreetmap.org/listinfo/dev
> 
> ___
> dev mailing list
> dev@openstreetmap.org
> https://lists.openstreetmap.org/listinfo/dev


___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] Using native social SDK for signing in to OSM on mobile

[Ilya Zverev]

Hi Greg,

Signing in on mobile devices is hard. You click "sign in" and then have to 
remember your login and password. There is an alternative method: facebook and 
google buttons on a login form. You can try them yourself: after linking your 
account with a social account, signing in is just a matter of pressing one 
button.

Registering a new user is much harder on mobile, since you have to type 
everything twice, and then leave for another app to confirm a e-mail. Again, 
with a facebook/google button, you don't have to type anything: e-mail and 
display name are pre-filled, and password is optional. E-mail confirmation step 
is also omitted, since social networks have already validated your e-mail. So, 
registering with facebook or google is a straightforward process of 3-4 button 
clicks and no typing.

But that's on a desktop browser. You most likely have logged in to some social 
accounts on your phone. For example, most android phones are unusable without a 
google account. And millions of iPhone users use facebook. So it's safe to 
assume most mobile users have a permanent login to a social account.

I haven't used Vespucci in a while, but I can assume that when you try to sign 
in with it, it opens an inline browser with a login form. You can remember and 
type your login/password, or click on any social button. Alas, after that you 
would have to remember your google/facebook login and password, and type them 
in. Because even if you are already signed in to these in your system, browser 
panes do not share the account. So there is no simplification of a signing in 
process with social buttons in a mobile OSM editing app.

I want to use a system-wide social account on mobile devices. So that a user 
could sign in in a mobile OSM app with a single button click (provided he/she 
is logged in to facebook/google on a device). To do that, I need to change 
osm.org source code a bit, adding an endpoint, and to allow third-party apps to 
create "tokens", identification strings, that osm.org would be able to use.

The latter requires that the mobile app developer either knows two keys, which 
are currently stored only on osm.org server, or that any app that wants to 
allow social login to be registered by an OWG member who has access to 
facebook/google system account. When you click "facebook" button on osm.org 
login form, you are taken to an "OpenStreetMap" facebook app and are asked to 
allow it your name and e-mail. That is the social app/account I'm talking 
about. You cannot make a working social login in a mobile app without having 
some kind of access to that "OpenStreetMap" facebook app.

IZ

> 24 дек. 2015 г., в 17:58, Greg Troxel  написал(а):
> 
> 
> Ilya Zverev  writes:
> 
>> This can be made a part of a policy for allowing apps to use OSM
>> official social accounts.
> 
> Can you explain what you mean by "OSM official social accounts"?
> Perhaps it is just me that doesn't get it, but I am not following what
> you really mean.


___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev

Re: [OSM-dev] Using native social SDK for signing in to OSM on mobile

[Ilya Zverev]

> 25 дек. 2015 г., в 8:36, Ineiev  написал(а):
> 
> On Thu, Dec 24, 2015 at 01:55:06PM +0300, Ilya Zverev wrote:
>> My answer is, absolutely. If a random person walking with their phone adds
>> opening hours or marks a shop closed, I don't care if she/he is a part of
>> community or not.
> 
> What if they add copyright-encumbered data as well?

What if a person with a desktop editor and access to thousands of mapping 
portals and paper maps starts adding copyright-encumbered data? It is much 
easier from a desktop than from a mobile editor. Should we ban JOSM, since it 
is used for most questionable imports and copyright violations?

> 
>> I think it's time to stop taking OSM for a playground of a few geo-geeks.
>> There are thousands of people who fall for "free and open wiki map", and
>> millions who don't care, but who use our map and want to have the freshest
>> data on it.
> 
> I'm used to think that OSM is _the_ project for those who care; for those
> who don't, there is plenty of other possibilities, isn't it?

It was. It still is, but the definition of "care" is much wider now. HOT 
attracts people who care not about the map, but about refugees and crisis 
victims. With a wider mobile reach we can attract people caring about their 
neighbourhood accessible in a mapping application, but who don't care which map 
it is. For now, other mapping projects are luring these people, so why can't we?

IZ
___
dev mailing list
dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/dev