[Cubicweb] Pyro and ZMQ deprecated?

Jinpeng Li mr.li.jinpeng at gmail.com
Thu Mar 13 11:24:00 CET 2014


Hi,

I don't know how cubicweb.dbapi is going be in the future; now apparently
cubicweb chooses api key authorization according to the development
of signedrequest/rqlcontroller.

In fact, I would like to mention that both api key authorization
and username/password authorization exist in the webservice industry.

https://blog.apigee.com/detail/do_you_need_api_keys_api_identity_vs._authorization
```
API keys originated with the first public web services, like Yahoo and
Google APIs.
Twitter simplifies things for their users by using usernames and passwords
for API authentication.
```
In my opinion, the most difficult point is how to securely store login and
password in client problem using python, or each time human user type login
and password for the program.

In addition, considering the compatibility, signedrequest/rqlcontroller
could provide two authorization ways; they are not conflict.

It would be better to leave cubicweb team to answer the future development
problem.

Best,
Jinpeng

On Thu, Mar 13, 2014 at 10:20 AM, Yann Cointepas <yann at cointepas.net> wrote:

> Hi,
>
> I probably made things confusing by talking about a link between password
> and signedrequest/rqlcontroller. Let's get back to a simple user question.
>
> When cubicweb.dbapi is obsolete, how CubicWeb will make it possible for a
> user to use its own collection of Python scripts using RQL to access a
> CubicWeb instance (not a single application, possibly used on several
> devices located on several sites) ? Today using cubicweb.dbapi with
> login/password is very simple and flexible. How it is going to be in the
> future ?
>
>       Yann
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cubicweb.org/pipermail/cubicweb/attachments/20140313/0b86406f/attachment-0165.html>


More information about the Cubicweb mailing list