slehavi Shuki Lehavi
Jaikus from slehavi
Tuesday, 3 March 2009
Saturday, 14 February 2009
Friday, 18 April 2008
Wednesday, 26 September 2007
Monday, 24 September 2007
Friday, 21 September 2007
Monday, 17 September 2007
Saturday, 15 September 2007
-
I had no intention to get everyone into a heated debate. On my end, I am only trying to create an app that will be as intuitive as possible to the user. Anyhow, I will work out something and wait for updates on this thread. Less worried about someone sniffing uname and pwd, but any Auth flow (supported by a proper partner certification program) would be greatly appreciated. Let me know what I can do to help.
Friday, 14 September 2007
-
CAW, once again, keep the scenario in mind. The use case is the same as in a Twitter API call or a Google Accounts Auth. The user AGREES to let the app log in to Jaiku. From a security standpoint, having the user provide a userName + API key is no different than having the user provide a userName + password. In both cases, it requires that the user provides the creds, just in the API key case, the user must know that there is an API key (weird). I suggest that Jaiku takes the Google route (AuthSubToken) or the Facebook route; either way, the current solution is nothing to write home about.
-
In any good API (e.g. Google Accounts) you have a separation between what you can do on your account, what one can do with the API on one's account, and what one can do with the API on behalf of another's account. I agree with your comment, only ask why the API key, when not every user knows their API key? How can I write an app that performs actions on behalf of a user?