[openspending-dev] api key
fukami
odn at foo.io
Wed Aug 28 12:15:03 UTC 2013
Hi Tryggvi!
On 22.08.2013, at 10:06, Tryggvi Björgvinsson <tryggvi.bjorgvinsson at okfn.org> wrote:
> On þri 20.ágú 2013 07:49, fukami wrote:
>> In my point of view OpenID seems to be more robust. It's also better
>> understood by devs and users (although it has also problems, i.e. it's
>> more susceptible to stuff like phishing).
>
> I think since OpenID still relies on passwords it wouldn't be suitable,
> at least not for an API interface. It might actually be worth looking
> into supporting OpenID as a login mechanism for OpenSpending.
You are right: OAuth is much better suitable for APIs than OpenID.
>> But I can help with a review if you like.
>
> Since OpenSpending is an open source project we still go by the rule of
> thumb that implementor gets to choose how a problem is solved. Those
> solutions can't be rejected unless they are insecure, introduce bugs,
> break tests etc. and the implementor then has a chance to fix that
> thanks to constructive criticism.
Yeah, and that's the right way to go.
> If not then we go with Alberto's solution. Fukami, would you still be
> interested in reviewing Alberto's solution?
Of course! :)
Cheers,
fukami
More information about the openspending-dev
mailing list