Wednesday, 7 July 2010

Oauth fail

I was delaying my weekly post, waiting for having something good to write, but I can’t delayed any more.
So, this is the point. As I said before I was worried about security, how to handle users login and password is a very important issue since we have access to private data. Last week I was researching about how other platforms do this. And I found a really interesting protocol called Oauth.
OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end user). It also provides a process for end-users to authorise third party access to their server resources without sharing their credentials (typically, a username and password pair), using user agent redirections.

This is great for Sakai. There are a lot of android developers who could write his own applications using the powerful framework which Sakai is. So I’ve been working in integrate Oauth in Sakai. But after talking with my mentor, David, we agree that this is far complicated that what I was planing so I decided to access using servlets, is not the best way but it’s functional. So I get the user connected with Sakai (yuhu!), and I’m going to write to sakai-dev waiting for some good soul from pda project could help with the integration.

Annonuncement is the first tool trying to sync, and that’s exactly in what I working right know. But since every tool is different is being a tough process, anyway nothing I can’t beat. (hopefully)

I saw that my gsoc parners are using github. I’m more fan of mercurial subversion service. There is any problem if I use bitbucket or maybe I could use svn in msub/ But If the community prefers using github please let me know and I will upload the code.

Finally a personal thought, I’m really learning a lot from Sakai, and having a great time working in this application and I really hope this would be useful for the community.

1 comment:

  1. Interesting post, thanks Maria! Actually I know Manoj has run into difficulties integrating his citation manager widget with web-based citation bookmarking services which use oauth. Maybe oauth would be a fruitful area for a future project?