[openspending-dev] api key

• Previous message: [openspending-dev] api key
• Next message: [openspending-dev] api key
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Tryggvi!

On 22.08.2013, at 10:06, Tryggvi Björgvinsson <tryggvi.bjorgvinsson at okfn.org> wrote:
> On þri 20.ágú 2013 07:49, fukami wrote:
>> In my point of view OpenID seems to be more robust. It's also better 
>> understood by devs and users (although it has also problems, i.e. it's
>> more susceptible to stuff like phishing).
> 
> I think since OpenID still relies on passwords it wouldn't be suitable,
> at least not for an API interface. It might actually be worth looking
> into supporting OpenID as a login mechanism for OpenSpending.

You are right: OAuth is much better suitable for APIs than OpenID.

>> But I can help with a review if you like.
> 
> Since OpenSpending is an open source project we still go by the rule of
> thumb that implementor gets to choose how a problem is solved. Those
> solutions can't be rejected unless they are insecure, introduce bugs,
> break tests etc. and the implementor then has a chance to fix that
> thanks to constructive criticism.

Yeah, and that's the right way to go.

> If not then we go with Alberto's solution. Fukami, would you still be
> interested in reviewing Alberto's solution?

Of course! :)


Cheers,
  fukami

• Previous message: [openspending-dev] api key
• Next message: [openspending-dev] api key
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]