[
https://issues.apache.org/jira/browse/SHINDIG-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12586978#action_12586978
]
Dirk Balfanz commented on SHINDIG-185:
--------------------------------------
I don't know where the implicit dependencies comment was coming from, but I
certainly agree with it.
Anyway - we know that currently nobody uses AuthorizationType.AUTHENTICATED,
because support for it hadn't been checked in until a few hours ago. This will
probably change in a matter of days or weeks. So, while I generally agree that
"one-off" changes to specs are a bad idea, I think this might be an exception.
If the opensocial 0.7 spec tomorrow said that the parameter is called OAUTH,
who would notice?
Along the same lines - if the gadgets.io spec said one thing, and the
opensocial spec 0.7 said another (and it wouldn't be until 0.8 until they're
back in sync), what would the consequences be?
You guys are citing great rules ("keep the implementation in sync with the
spec", "don't change the spec", etc.) - but the reason those rules exist is
because we don't want to break things for developers. I would argue that in
this case, we would cause more breakage by clinging to the rules than by
violating them: everybody agrees that this will change down the road, so let's
change it before the first person uses it.
> Incorrectly named AuthorizationType
> -----------------------------------
>
> Key: SHINDIG-185
> URL: https://issues.apache.org/jira/browse/SHINDIG-185
> Project: Shindig
> Issue Type: Improvement
> Components: Gadgets Server - Java
> Reporter: Dirk Balfanz
> Assignee: Cassie Doll
> Attachments: patch-authenticated-2-oauth.txt
>
>
> I propose to change gadgets.io.AuthorizationType.AUTHENTICATED to
> gadgets.io.AuthorizationType.OAUTH.
> Here are a few reasons:
> - It's hard to remember the difference between "SIGNED" and "AUTHENTICATED".
> If "AUTHENTICATED" somehow authenticates my fetches, then what does "SIGNED"
> do? Signing is a common way to authenticate messages. Very confusing.
> - Assuming that the gadgets.io.AuthorizationType enumeration lists (despite
> its name) different ways to authenticate, then having "AUTHENTICATED" as an
> authentication type doesn't make any sense.
> - If in version 2.0 of opensocial we want to support a cool newfangled
> authentication scheme NEWAUTH, then it would be kind of lame to to be stuck
> with an enum of (NONE, SIGNED, AUTHENTICATED, NEWAUTH).
> The attached patch renames the AuthorizationType to OAUTH.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
