> >There has already been a lot of discussion about the flickr > >athentication process that is documented here: > >http://flickr.com/services/api/misc.userauth.html > > > >It seems to be an interesting approach and I think it can be applied > >to del.icio.us in the same way as it can be to flickr. > > > > > > the problem with that proposal is that it requires us to vette apps and > provide an app key. is this necessary/desirable?
viewed from a long term perspective I think: yes, you (as in you, joshua or anyone of your team members) should have the option to deny/allow the use of a special service to get access to (parts of) the del.icio.us data, especially if it is about write access. I recently read on this mailing list that you denied a programmer from providing services to users. And I think it was a good decision - especially because it was pro diversity and contra unified information categorization. nothing speaks against an autmated key delivering service (the flickr key applications aren't really reviewed as far as I know). but I consider the proposed flickr system as a very strong one (thinking about white/black lists, an _optional_ review system and the user's options to grant or deny special rights via a _single_ interface) and secure due to the md5 hashing of all sensitive information. the flickr system is not trivial but at the end it is easy to implement and I think it is the best system from the user's point of view, especially because there is one single point where a user can allow/forbid access to very personal (and I hope in future private) data. _______________________________________________ discuss mailing list discuss@del.icio.us http://lists.del.icio.us/cgi-bin/mailman/listinfo/discuss
