[OTDev] On the Authentication API
Christoph Helma helma at in-silico.de
Mon Jan 18 10:43:04 CET 2010
Excerpts from chung's message of Thu Jan 14 19:14:58 +0100 2010:
> Hi All
> I had a thought about the authentication API. According to REST
> architecture every user should be a resource - thus have a URI and a
> corresponding RDF representation which could contain the following
> information:
>
> * username
> * realname (first + last)
> * timestamp of user creation
> * email
> * Optionally personal information like: Country, City, Address, Web
> Site, Tel, favorite band etc
> * And finally the password (actually its digest)
>
> It is quite easy to extend the API properly to include such entities and
> build some user RDFs but it is still not very clear how one (e.g. a
> service) will securely access those data which of course *should not* be
> accessible to everyone but only to the various services of OpenTox. If
> these data are accessible from all OpenTox services (and only these), we
> have a distributed system with distributed users.
>
> To restrict access to these data only to some services we could
> establish a Virtual Private Network ( see
> http://en.wikipedia.org/wiki/Virtual_private_network ) over SSL to
> ensure secure travelling of sensitive data. This way user data will be
> available only to the services. Additionally I think it is good practice
> to use hash functions like SHA-512 to store passwords.
>
> Do you think such a structure would be appropriate for OpenTox?

I think that authentication is straightforward and relatively easy to
manage. The hard part is authorisation and the propagation of access
rights (models should e.g. inherit permissions from their training
datasets). I had a brief look at OAuth that could do the job. Although
juggling around with all these tokens is not very straightforward, I
have no idea for a simpler solution.

Best regards,
Christoph
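
The propagation rule mentioned in the reply (models inheriting permissions from their training datasets), sketched as an added example that is not part of the original message or of any OpenTox code. The resource URIs, the user names, the ACL model and the rule that a derived resource is readable only by users who can read all of its sources are assumptions made for illustration.

```python
# Added illustration: all names, URIs and the intersection rule are assumptions.
from dataclasses import dataclass, field


@dataclass
class Resource:
    uri: str
    readers: set = field(default_factory=set)          # explicit ACL, used by source resources
    derived_from: list = field(default_factory=list)   # URIs of the parent resources


class Registry:
    def __init__(self):
        self._resources = {}

    def add(self, resource):
        self._resources[resource.uri] = resource

    def effective_readers(self, uri, _seen=None):
        """A source resource uses its own ACL; a derived resource is readable
        only by users who may read every resource it was derived from."""
        seen = _seen or frozenset()
        if uri in seen:
            raise ValueError(f"derivation cycle at {uri}")
        res = self._resources[uri]  # unknown URI raises KeyError
        if not res.derived_from:
            return set(res.readers)
        parents = [self.effective_readers(p, seen | {uri}) for p in res.derived_from]
        return set.intersection(*parents)

    def can_read(self, user, uri):
        try:
            return user in self.effective_readers(uri)
        except (KeyError, ValueError):
            return False  # fail closed on a missing parent or a cycle


def build_example():
    """Constructed sample data: two datasets, a model trained on both,
    a prediction made by that model, and a model with a dangling parent."""
    reg = Registry()
    reg.add(Resource("/dataset/1", readers={"alice", "bob"}))
    reg.add(Resource("/dataset/2", readers={"alice"}))
    reg.add(Resource("/model/1", derived_from=["/dataset/1", "/dataset/2"]))
    reg.add(Resource("/prediction/1", derived_from=["/model/1"]))
    reg.add(Resource("/model/2", derived_from=["/dataset/404"]))
    return reg
```

With this rule, a user who can read only one of the training datasets cannot read the model or anything predicted with it, and a resource whose lineage cannot be resolved is denied to everyone.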