[openspending-dev] api key
fukami
odn at foo.io
Tue Aug 20 07:49:05 UTC 2013
Hi Tryggvi!
On 19.08.2013, at 19:02, Tryggvi Björgvinsson <tryggvi.bjorgvinsson at okfn.org> wrote:
> On Mon 19 Aug 2013 16:28, fukami wrote:
>> Implementing homebrew public key crypto is actually rather difficult, and most developers don't even get symmetric key crypto right, which is far less complex. I see this almost every day, even from experienced developers who should know better. Why not just use OAuth straight away? Not that I'm a very big fan of it, but it's better than building something from scratch and it's widely used.
> I agree that crypto is hard to do right, but just out of curiosity, why
> don't you like OAuth? Is there anything else you'd recommend instead?
I basically share the concerns of Eran Hammer, especially about OAuth2.0,
see http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
From my point of view, OpenID seems to be more robust. It's also better
understood by devs and users (although it also has problems, i.e. it's
more susceptible to stuff like phishing).
> Maybe you could help us out doing this correctly from the get-go? I
> think we'd all appreciate your help (since you seem to have some
> experience/knowledge of the area). Would you be up for that?
As always, it's much easier to criticize than to implement, and I'm way
better at breaking than making things ^^
But I can help with a review if you like.
Cheers,
fukami