Using the Mozillians API

[Gerv Markham]

Hi,

I was trying to read up about the capabilities of the Mozillians API. It
seems you are using some sort of self-describing JSON format, is that
right? I went here:

https://mozillians.org/api/v1/vouched/schema/

and it looks like there's only one API call, which is this one:
https://mozillians.org/api/v1/vouched/
and it returns 3 fields - email, is_vouched and resource_uri.

So currently, the API simply answers the questions: "is the person with
this email address registered on mozillians.org and, if so, are they a
vouched Mozillian."

Or have I missed something? :-)

Gerv

[Aakash Desai]

Hey Gerv,

Yes, that's completely right!

-- Aakash

--
You received this message because you are subscribed to the Google Groups "Mozilla Dev Community Tools" group.
To unsubscribe from this group, send email to mozilla-dev-communi...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Gervase Markham]

On 24/08/12 15:33, Aakash Desai wrote:
> Yes, that's completely right!

OK... so what use cases does the API currently meet, then? What can I
use it for? :-)

Gerv

[Aakash Desai]

Good question; here a few potential use cases:

* Offering access to an app that you'd only want Vouched Mozillians to use
* Allowing greater privileges based on if an account holder is a Vouched Mozillian

Hope that helps!


-- Aakash

Gerv

[Gervase Markham]

On 24/08/12 16:18, Aakash Desai wrote:
> Good question; here a few potential use cases:
>
> * Offering access to an app that you'd only want Vouched Mozillians to use

I certainly want to make lots of apps where access depends on Mozillians
data, but (as has been discussed before) being vouched is not a high
enough bar to make a meaningful difference between that and "public".
People are encouraged to get Mozillians accounts, and get them vouched,
very early on in their involvement with Mozilla, which means that the
bar to being vouched is (AIUI) pretty low, and the number of vouched
accounts is pretty high.

This is fine for some use cases (e.g. making sure we have an accurate
count of community members) but it's not fine for most app-access use
cases (e.g. a Mozilla community-only discussion forum).

So it would be awesome if the API could also return people's tags, and
we had the ability to have tags which people could not award themselves.
We already have that, I believe, with the "staff" tag, but we'd need at
least one more.

Is that sort of thing on the roadmap at all?

Gerv

[Aakash Desai]

Hi Gerv,

It's unfortunate that you feel that way. Yes, it is on the roadmap and its our top-most priority. We're looking to build out a solution that exposes more information to white-listed sites across the Mozilla universe in a way that does not break user privacy. Stay tuned in the coming weeks.

-- Aakash

Gerv

[Gervase Markham]

On 24/08/12 16:34, Aakash Desai wrote:
> It's unfortunate that you feel that way.

Well, I'm sure that further use cases will be enabled shortly, as you
have said :-) And perhaps other people have different uses in mind for
which the current API is fine.

However, I do think it's important that, now we are offering the ability
for people to make auth decisions based on vouched status, we have a
clear definition of what it _means_ to be vouched. Is there one written
up somewhere already?

It seems to me that, given the messaging and practice surrounding
vouching, there is little to no element of _trust_ involved in vouching
for someone. If I vouch for you, I am saying that you have made a
contribution of some sort to Mozilla which I have observed. I not making
an significant statement about your trustworthiness. Would that be a
fair thing to say, do you think?

If so, under what circumstances does it make sense to make an auth
decision based on presence or absence of vouched status? What sort of
apps would do that, in your view?

> Yes, it is on the roadmap and
> its our top-most priority. We're looking to build out a solution that
> exposes more information to white-listed sites across the Mozilla
> universe in a way that does not break user privacy. Stay tuned in the
> coming weeks.

That's great to hear :-)

Gerv

[Peter Bengtsson]

On Friday, August 24, 2012 8:41:38 AM UTC-7, Gerv Markham wrote:

On 24/08/12 16:34, Aakash Desai wrote:
> It's unfortunate that you feel that way.

Well, I'm sure that further use cases will be enabled shortly, as you
have said :-) And perhaps other people have different uses in mind for
which the current API is fine.

However, I do think it's important that, now we are offering the ability
for people to make auth decisions based on vouched status, we have a
clear definition of what it _means_ to be vouched. Is there one written
up somewhere already?

It seems to me that, given the messaging and practice surrounding
vouching, there is little to no element of _trust_ involved in vouching
for someone. If I vouch for you, I am saying that you have made a
contribution of some sort to Mozilla which I have observed. I not making
an significant statement about your trustworthiness. Would that be a
fair thing to say, do you think?

If so, under what circumstances does it make sense to make an auth
decision based on presence or absence of vouched status? What sort of
apps would do that, in your view?

Air Mozilla for example will do that.
/me started coding on that today.