Bots could also benefit from this greatly.
Indeed. In fact, it could (possibly) even change the way bots are done
altogether. Right now bots are put on separate bot accounts so that if they
are compromised the main user account is still secure (and also so that the
permissions are separated). OAuth could change this by allowing bots to
operate directly under the user's account.
*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
On Mon, Aug 27, 2012 at 12:57 PM, Ryan Lane <rlane32(a)gmail.com> wrote:
I have re-read
the Wikipedia article about OpenID and OpenAuth.
OpenAuth while nice in many ways is NOT the same as OpenID. User
authentication is one easy and obvious requirement and I have already
said
too much about its need.
It is NOT clear at all to me why OpenAuth should be regarded over OpenID.
The use case for OpenID is obvious. In contrast the case for OpenAuth is
not clear at all. What practical things will it solve?
OAuth will solve more practical problems than OpenID. Toolserver has
had a need for this for years. Labs has the same need. Tools need to
act on behalf of users. We can't let these tools request or store the
credentials of our users, because that's insecure and gives the tool
author access to the credentials. OAuth allows the tool to store a
token, rather than the user's password. Of course, this goes past just
tools. Beta Labs has this problem too. Bots could also benefit from
this greatly.
OpenID would be helpful, and really a combination of OpenID and OAuth
would be the best thing, but the priority of implementing these
definitely leans in favor of OAuth.
- Ryan
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l