[Auth API] Voting OPEN (Vote here)

0 views
Skip to first unread message

Anton de Winter

unread,
Dec 5, 2011, 4:31:44 PM12/5/11
to OpenRosa Working Group
Hi Everyone,


I'd like to officially open the vote for the Authentication API.

Voting Opens:  4:30 PM EST 5 DEC 2011   (1:30 PM PST, 21h30 GMT)
Voting Closes: 4:30 PM EST 6 DEC 2011   (1:30 PM PST, 21h30 GMT)

Thanks and happy voting!
Anton



--
Anton de Winter
529 Main St
Charlestown, MA
02129

Munaf Sheikh

unread,
Dec 6, 2011, 1:00:49 AM12/6/11
to openrosa-...@googlegroups.com
+1


Anton de Winter

unread,
Dec 6, 2011, 9:34:43 AM12/6/11
to openrosa-...@googlegroups.com
Bump

On Tue, Dec 6, 2011 at 1:00 AM, Munaf Sheikh <munaf....@gmail.com> wrote:
+1


Simon Kelly

unread,
Dec 6, 2011, 9:41:29 AM12/6/11
to openrosa-...@googlegroups.com
-0

Slight disagreement about inclusion of HTTPS requirements in Auth API.
I think these should be part of a separate security profile.

Drew Roos

unread,
Dec 6, 2011, 10:25:08 AM12/6/11
to openrosa-...@googlegroups.com
+1

Clayton Sims

unread,
Dec 6, 2011, 12:19:30 PM12/6/11
to openrosa-...@googlegroups.com
+1

Clayton Sims

unread,
Dec 6, 2011, 12:20:49 PM12/6/11
to openrosa-...@googlegroups.com
HTTPS is necessary for basic auth to not reveal credentials over plaintext. Definitely agree that security and auth should be separate, but "not sending plaintext credentials" seems like a practical requirement for an auth api.

-Clayton

On Tue, Dec 6, 2011 at 9:41 AM, Simon Kelly <simong...@gmail.com> wrote:

Mitch S

unread,
Dec 6, 2011, 12:27:23 PM12/6/11
to openrosa-...@googlegroups.com
+1 Mitch
--
Mitch Sundt
Software Engineer
University of Washington
mitche...@gmail.com

Jørn Klungsøyr

unread,
Dec 6, 2011, 3:27:03 PM12/6/11
to openrosa-...@googlegroups.com

0+

 

I’ve also on chat voiced that it better be defined as SHOULD use HTTPS, and not MUST use HTTPS.

 

It is really an implementation issue – if the spec is about a public service offering, as opposed to a software  - then I agree.

 

Anyhow, I suggest we in round 2.0 separate auth from security as simon suggests.

 

Best

Jørn

 

____________________________________________________________________________
Jorn Klungsoyr
openXdata - Centre for International Health, University of Bergen, Norway
www.openxdata.org / www.cih.uib.no / www.openrosa.org / www.open-mobile.org
Mobile: +4791365731, Skype/GoogleTalk: jornklung Alternative email: jorn.kl...@gmail.com
Post: Postboks 7800, 5020 Bergen, Visit: Årstadveien 21, 5th Floor, Bergen
                       ------¤¤¤¤------

Yaw Anokwa

unread,
Dec 6, 2011, 4:11:58 PM12/6/11
to openrosa-...@googlegroups.com
+1

Anton de Winter

unread,
Dec 6, 2011, 6:59:00 PM12/6/11
to openrosa-...@googlegroups.com

Voting is now closed. Sending announcement and tallies in a separate thread.

Thanks,
Anton

Reply all
Reply to author
Forward
0 new messages