2009/7/23 Ryan Lane <rlan...@gmail.com>: > On Wed, Jul 22, 2009 at 3:49 PM, Gregory Maxwell<gmaxw...@gmail.com> wrote: >> On Wed, Jul 22, 2009 at 4:41 PM, Gerard >> Meijssen<gerard.meijs...@gmail.com> wrote: >>> Hoi, >>> Would OpenID make a difference ? It seems to me that when you authenticate >>> to both WMF projects and to this watchlistr, you would not expose passwords >>> in the wrong place. It seems to be also a solution of allowing Commons to >>> authenticate in this way. >> >> No, not really. >> >> In this case the site wants your credentials so that it can scrape >> your watchlists. >> >> If it has your credentials it can impersonate you, which is bad. >> >> It addressed by making it possible for the site to generate access >> cookies for particular resources which you could share. I.e. >> "generate a code that gives someone read only access to my watchlist". >> > > What about OpenID + OAuth?
I think OAuth could be the way to go. (I had it explained to me as: a way to let 3rd party apps access an service's API on your behalf, without handing over your password of that service to the 3rd parties.) I was thinking that the only private data you can really access via the API is watchlist, so it's barely worth it, but then I thought that for 3rd party apps using the write API, you would definitely want to have an option for a user to use their existing Wiki*edia accounts cheers Brianna -- They've just been waiting in a mountain for the right moment: http://modernthings.org/ _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
