Em 10-11-2010 09:12, Simon Busch escreveu:
I would even like to see some security mechanism for fsopimd. Maybe like twitter did it already with client applications with OAuth (http://oauth.net/) so you have to grant each access to several DBus interface path before one application can access it. The best place should be some component which can secure general dbus access for all applications (maybe a fsopolicyd).
In the context of client applications, OAuth is absolute crapware and actually reduces security in what matters (the ability to spoof your ID) by adding a much more complex method (which is way more prone to programmer error) for zero gain.
In the case of delegating your ID to other web-sites, it is perhaps a good compromise.
Rui _______________________________________________ Shr-devel mailing list [email protected] http://lists.shr-project.org/mailman/listinfo/shr-devel
