Menu
▾
▴
Re: [sword-app-tech] using API keys (OAuth?) rather than HTTP Basic Authentication (username/password) in conjunction with a TLS connection
|
From: George H. <geo...@ed...> - 2014-01-31 13:17:16
|
Hi Phil You'll find your key in your profile, you'll need an EASE login though. I've got some notes here: https://www.wiki.ed.ac.uk/display/datashare/sword2 Regards George On 31/01/14 13:10, Philip Durbin wrote: > Thanks, Stuart, this is very interesting. I spent a couple minutes at > http://datashare.is.ed.ac.uk but I couldn't quickly determine how a > users could discover their randomly generated API key in case they > want to deposit via something somewhat low level like curl or a script > that makes use of language bindings provided at > https://github.com/swordapp > > Or am I thinking about this the wrong way? If the API key is a proxy > for my password, I need it (and my username) to make a deposit via > SWORD. Maybe my user account page would simply expose the API key to > me and I could reset it if my key were ever compromised. > > Phil > > On Mon, Jan 27, 2014 at 3:18 PM, LEWIS Stuart <Stu...@ed...> wrote: >> Thanks for sharing this Phil. >> >> Interestingly today I found someone else that has done exactly the same >> thing! http://datashare.is.ed.ac.uk/ is the University of Edinburgh¹s >> DSpace data repository. It uses a single-sign-on system, which obviously >> doesn¹t work well with things like SWORD. >> >> To get around this, the developer George Hamilton (cc¹d) has added a >> randomly generated API key to each users¹ profile, and this is used as a >> proxy for a password for SWORD deposits. >> >> A neat solution, and sits well alongside similar API key configurations >> for web-based systems. >> >> Thanks, >> >> >> Stuart Lewis >> Head of Research and Learning Services >> Deputy Director Library & University Collections, Information Services >> University of Edinburgh >> Stu...@ed... >> >> >> >> >> >> On 27/01/2014 19:25, "Philip Durbin" <phi...@ha...> wrote: >> >> Um. Sorry for the late reply. :) >> >> On the topic of API keys and SWORD, this just came across my radar: >> >> 'Enter the dashboard's IP address into the "Remote name" field and the >> user and API key noted earlier into the "Api username" and "Api key" >> fields' -- https://www.archivematica.org/wiki/Sword_API#Configuration >> >> Very interesting. >> >> Phil >> >> On Thu, Aug 1, 2013 at 2:49 PM, Richard Jones <ri...@co...> >> wrote: >>> Nope, no attempt to use OAuth with SWORD that I'm aware of. We toyed >>> with trying to do this as part of the protocol, and then decided that >>> it was Too Hard, might put people off implementing, and also ought to >>> be orthogonal to the task that sword is trying to carry out, so we >>> decided to leave it up to implementers to decide. >>> >>> Do you think that any modifications to sword are required in order to >>> permit OAuth? Our principal during development was to make sure we >>> didn't do anything which prevented such things, but I would like some >>> confirmation that we succeeded! >>> >>> Cheers, >>> >>> Richard >>> >>> On 1 August 2013 17:08, Philip Durbin <phi...@ha...> wrote: >>>> On Thu, Aug 1, 2013 at 10:07 AM, Philip Durbin >>>> <phi...@ha...> wrote: >>>>> Does anyone's SWORDv2 implementation use API keys (negotiated via >>>>> OAuth, maybe?) rather than HTTP Basic Authentication >>>>> (username/password) in conjunction with a TLS connection? >>>> It looks like Richard asked a similar question here: >>>> >>>> Re: [Sword-TAP] on-behalf-of vs. OAuth - >>>> >>>> http://www.mail-archive.com/swo...@li...urceforge >>>> .net/msg00141.html >>>> >>>> >From what I can tell, no one has implemented OAuth or similar with >>>> SWORD yet. >>>> >>>> Sorry for not noticing this post earlier. >>>> >>>> Phil >>>> >>>> -- >>>> Philip Durbin >>>> Software Developer for http://thedata.org >>>> http://www.iq.harvard.edu/people/philip-durbin >>>> >>>> >>>> ------------------------------------------------------------------------- >>>> ----- >>>> Get your SQL database under version control now! >>>> Version control is standard for application code, but databases havent >>>> caught up. So what steps can you take to put your SQL databases under >>>> version control? Why should you start doing it? Read more to find out. >>>> >>>> http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clkt >>>> rk >>>> _______________________________________________ >>>> sword-app-tech mailing list >>>> swo...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sword-app-tech >>> >>> >>> -- >>> >>> Richard Jones, >>> >>> Founder, Cottage Labs >>> t: @richard_d_jones, @cottagelabs >>> w: http://cottagelabs.com >> >> >> -- >> Philip Durbin >> Software Developer for http://thedata.org >> http://www.iq.harvard.edu/people/philip-durbin >> >> --------------------------------------------------------------------------- >> --- >> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >> Learn Why More Businesses Are Choosing CenturyLink Cloud For >> Critical Workloads, Development Environments & Everything In Between. >> Get a Quote or Start a Free Trial Today. >> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktr >> k >> _______________________________________________ >> sword-app-tech mailing list >> swo...@li... >> https://lists.sourceforge.net/lists/listinfo/sword-app-tech >> >> >> The University of Edinburgh is a charitable body, registered in >> Scotland, with registration number SC005336. >> > > -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. |
