On 07/22/2009 05:11 PM, Ryan Lane wrote: > On Wed, Jul 22, 2009 at 3:49 PM, Gregory Maxwell<gmaxw...@gmail.com> wrote: >> If it has your credentials it can impersonate you, which is bad. >> >> It addressed by making it possible for the site to generate access >> cookies for particular resources which you could share. I.e. >> "generate a code that gives someone read only access to my watchlist". >> > > What about OpenID + OAuth?
In theory yes, I'd like to support that sort of thing. (For those unfamiliar: this would allow third party tools or sites to request limited access on a user's behalf, without exposing the user's password credentials to that third-party tool. The user would need to agree to exactly which information would be provided to the tool, and would be able to revoke the access in the future. This is broadly similar to the authorization for Flickr API clients and Facebook apps, but lots of sites are transitioning from their older proprietary protocols for this to OpenID+OAuth.) -- brion _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l