On 08/20/2014 12:09 AM, Michał Sawicz wrote: > W dniu 19.08.2014 o 16:32, Daniel Holm pisze: >> Since I don't really know that that means anyways I'm inclined to ask >> what the issue with http(s) auth would be; that we would have to store >> username and password instead of a key? > > Yes, and not having control over what has access to (what) in your > account. Basically until you change your password, the account service > has full access to your ownCloud.
In Ubuntu Touch case, this is not 100% correct: while it's true that you cannot control what an application will do once it gets the ownCloud username and password, we *do* control what applications have access to the ownCloud account. When the account is first created, no application can use it. Once an application requests to use the ownCloud account, the user will be presented with a visual choice (authorize the app for this account, authorize the app for a new ownCloud account, or deny). Until the access is authorized, the application will not be able to retrieve the ownCloud password. (OAuth is generally better because it has the concept of "permission scopes", but OTOH not all services using OAuth make use of that feature) Ciao, Alberto -- Mailing list: https://launchpad.net/~ubuntu-phone Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
