Serge Wroclawski-2 wrote: > > The first solution, using OAuth against what was a RESTful API, is bad. >
Whether OAuth fits the ideology of a RESTful API or not, it is already heavily used in OpenStreetMap. OAuth is the preferred method of authenticating JOSM against the API, it is the only(?) way that Potlatch 2 can authenticate, various other editors and POI collectors currently use OAuth and it is the recommended way to talk to the API. If I remember correctly at some point even the idea of disabling password based authentication was briefly maintained to prevent the password being sent in cleartext all the time. So given that OAuth is already heavily used, I don't see an issue with relying on it for the purpose of OpenID. And should you really want to use one of those few applications that don't support OAuth yet, there is the option of still using the password, although indeed that would defeat much of the purpose of OpenID. Kai -- View this message in context: http://gis.638310.n2.nabble.com/User-diary-enhancements-subscriptions-Facebook-Twitter-integration-tp6340003p6344736.html Sent from the General Discussion mailing list archive at Nabble.com. _______________________________________________ talk mailing list [email protected] http://lists.openstreetmap.org/listinfo/talk
