[wp-xmlrpc] Any interest in OAuth?

Joseph Scott joseph at randomnetworks.com
Mon Jun 16 15:25:00 GMT 2008

On Jun 14, 2008, at 11:16 PM, Allan Odgaard wrote:

> So if I understand you correctly, you are swayed by the fine- 
> grained security.
> You don’t want to use the existing user system for this, because  
> each user has its own ID, and you want the posts from different  
> clients to appear as the same user ID.
> So why not extend the user system to have per-user aliases (with  
> its own password) and provide all these crazy security controls per  
> alias?

Either way what we'd be creating is some sort of new "user access".   
It really doesn't matter if you consider these per-user aliases or  
OAuth tokens, they won't be regular users in the sense that we think  
of them today.  So some new constructs would have to be developed to  
deal with these.

> This would allow all existing third party clients to reap the  
> benefits of the new fine-grained security.

True, with the disadvantage that users would have more usernames and  
passwords to remember.  I think the (potential) user experience for  
OAuth is better than asking users to continue to add user/aliases to  
their blog.

> Personally though, I doubt many/any would use it, even if wrapped  
> in OAuth¹. As for limiting posting to a certain IP, I already have  
> apache limit wp-admin access to my IP :)

I don't know how many apps/people would make use of it, that's one of  
the reasons I was asking about interest levels for it on this list.

> Btw: how many clients do you have posting to your blog?

I use MarsEdit and Windows Live Writer.  I've also use Adobe  
Contribute CS3, Flickr and Google Docs.

More and more we are seeing blog clients that are other services,  
like Flickr and Google Docs.

Joseph Scott
joseph at randomnetworks.com

More information about the wp-xmlrpc mailing list