Bots could also benefit from this greatly.
Indeed. In fact, it could (possibly) even change the way bots are done altogether. Right now bots are put on separate bot accounts so that if they are compromised the main user account is still secure (and also so that the permissions are separated). OAuth could change this by allowing bots to operate directly under the user's account.
--
Tyler Romeo
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo@gmail.com
On Mon, Aug 27, 2012 at 12:57 PM, Ryan Lane rlane32@gmail.com wrote:
I have re-read the Wikipedia article about OpenID and OpenAuth.
OpenAuth while nice in many ways is NOT the same as OpenID. User authentication is one easy and obvious requirement and I have already said too much about its need.
It is NOT clear at all to me why OpenAuth should be regarded over OpenID. The use case for OpenID is obvious. In contrast the case for OpenAuth is not clear at all. What practical things will it solve?
OAuth will solve more practical problems than OpenID. Toolserver has had a need for this for years. Labs has the same need. Tools need to act on behalf of users. We can't let these tools request or store the credentials of our users, because that's insecure and gives the tool author access to the credentials. OAuth allows the tool to store a token, rather than the user's password. Of course, this goes past just tools. Beta Labs has this problem too. Bots could also benefit from this greatly.
OpenID would be helpful, and really a combination of OpenID and OAuth would be the best thing, but the priority of implementing these definitely leans in favor of OAuth.
- Ryan
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l