Thanks, Stuart, this is very interesting. I spent a couple minutes at
http://datashare.is.ed.ac.uk but I couldn't quickly determine how a
user could discover their randomly generated API key in case they
want to deposit via something somewhat low level like curl or a script
that makes use of language bindings provided at
https://github.com/swordapp

Or am I thinking about this the wrong way? If the API key is a proxy
for my password, I need it (and my username) to make a deposit via
SWORD. Maybe my user account page would simply expose the API key to
me and I could reset it if my key were ever compromised.

Phil

On Mon, Jan 27, 2014 at 3:18 PM, LEWIS Stuart <stuart.le...@ed.ac.uk> wrote:
> Thanks for sharing this Phil.
>
> Interestingly today I found someone else that has done exactly the same
> thing!  http://datashare.is.ed.ac.uk/ is the University of Edinburgh's
> DSpace data repository.  It uses a single-sign-on system, which obviously
> doesn't work well with things like SWORD.
>
> To get around this, the developer George Hamilton (cc'd) has added a
> randomly generated API key to each user's profile, and this is used as a
> proxy for a password for SWORD deposits.
>
> A neat solution, and sits well alongside similar API key configurations
> for web-based systems.
>
> Thanks,
>
>
> Stuart Lewis
> Head of Research and Learning Services
> Deputy Director Library & University Collections, Information Services
> University of Edinburgh
> stuart.le...@ed.ac.uk
>
>
>
>
>
> On 27/01/2014 19:25, "Philip Durbin" <philip_dur...@harvard.edu> wrote:
>
> Um. Sorry for the late reply. :)
>
> On the topic of API keys and SWORD, this just came across my radar:
>
> 'Enter the dashboard's IP address into the "Remote name" field and the
> user and API key noted earlier into the "Api username" and "Api key"
> fields' -- https://www.archivematica.org/wiki/Sword_API#Configuration
>
> Very interesting.
>
> Phil
>
> On Thu, Aug 1, 2013 at 2:49 PM, Richard Jones <rich...@cottagelabs.com>
> wrote:
>> Nope, no attempt to use OAuth with SWORD that I'm aware of.  We toyed
>> with trying to do this as part of the protocol, and then decided that
>> it was Too Hard, might put people off implementing, and also ought to
>> be orthogonal to the task that sword is trying to carry out, so we
>> decided to leave it up to implementers to decide.
>>
>> Do you think that any modifications to sword are required in order to
>> permit OAuth?  Our principle during development was to make sure we
>> didn't do anything which prevented such things, but I would like some
>> confirmation that we succeeded!
>>
>> Cheers,
>>
>> Richard
>>
>> On 1 August 2013 17:08, Philip Durbin <philip_dur...@harvard.edu> wrote:
>>> On Thu, Aug 1, 2013 at 10:07 AM, Philip Durbin
>>> <philip_dur...@harvard.edu> wrote:
>>>> Does anyone's SWORDv2 implementation use API keys (negotiated via
>>>> OAuth, maybe?) rather than HTTP Basic Authentication
>>>> (username/password) in conjunction with a TLS connection?
>>>
>>> It looks like Richard asked a similar question here:
>>>
>>> Re: [Sword-TAP] on-behalf-of vs. OAuth -
>>>
>>> http://www.mail-archive.com/sword-app-techadvisorypanel@lists.sourceforge.net/msg00141.html
>>>
>>> From what I can tell, no one has implemented OAuth or similar with
>>> SWORD yet.
>>>
>>> Sorry for not noticing this post earlier.
>>>
>>> Phil
>>>
>>> --
>>> Philip Durbin
>>> Software Developer for http://thedata.org
>>> http://www.iq.harvard.edu/people/philip-durbin
>>>
>>>
>>> _______________________________________________
>>> sword-app-tech mailing list
>>> sword-app-tech@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sword-app-tech
>>
>>
>>
>> --
>>
>> Richard Jones,
>>
>> Founder, Cottage Labs
>> t: @richard_d_jones, @cottagelabs
>> w: http://cottagelabs.com
>
>
>
> --
> Philip Durbin
> Software Developer for http://thedata.org
> http://www.iq.harvard.edu/people/philip-durbin
>
>
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>



-- 
Philip Durbin
Software Developer for http://thedata.org
http://www.iq.harvard.edu/people/philip-durbin
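
Added example (not part of the original thread, and not the DataShare or DSpace code): one way a repository could issue, verify and reset the per-user API key discussed above when it arrives as the password in an HTTP Basic header over TLS. `ApiKeyStore`, `basic_header` and the in-memory dict are hypothetical names used only for illustration.

```python
import base64
import hashlib
import hmac
import secrets


class ApiKeyStore:
    """Hypothetical per-user API key store; only a digest of each key is kept."""

    def __init__(self):
        self._digests = {}  # username -> SHA-256 hex digest of the current key

    def issue(self, username):
        """Create or reset the key; the plaintext is returned once for the profile page."""
        key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._digests[username] = hashlib.sha256(key.encode()).hexdigest()
        return key

    def verify_basic(self, authorization_header):
        """Return the username for a valid 'Basic' username:key pair, else None."""
        scheme, _, blob = authorization_header.partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None  # malformed base64 or non-UTF-8 credentials
        username, sep, key = decoded.partition(":")
        if not sep:
            return None
        presented = hashlib.sha256(key.encode()).hexdigest()
        stored = self._digests.get(username)
        # Compare even for unknown users so both paths do the same work.
        match = hmac.compare_digest(stored or "0" * 64, presented)
        return username if stored and match else None


def basic_header(username, key):
    """Build the Authorization value a curl or script client would send."""
    token = base64.b64encode(f"{username}:{key}".encode()).decode("ascii")
    return f"Basic {token}"


if __name__ == "__main__":
    store = ApiKeyStore()
    old = store.issue("depositor")   # constructed sample user
    new = store.issue("depositor")   # reset after suspected compromise
    print(store.verify_basic(basic_header("depositor", old)))  # old key rejected
    print(store.verify_basic(basic_header("depositor", new)))  # new key accepted
```

Because the store keeps only a digest, a reset replaces the stored value and the previous key stops working immediately.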
