ISSUE-29: Should DAP APIs support "API Keys"
apiKeys
Should DAP APIs support "API Keys"
- State:
- CLOSED
- Product:
- Policy Framework Requirements
- Raised by:
- Claes Nilsson
- Opened on:
- 2009-10-07
- Description:
- From:
http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0047.html
Discussion:
I am thinking of general secrets for authentication towards a server. This can be API keys but also login credentials.
It should be implementation dependent how the keys, credentials etc are stored. What's important is that the secret information shall be protected from access by applications for which the secret information is not indented. Access to the information should be granted based on the identity of the application.
An example of an application needing this kind of API is a Facebook web widget where certain API keys are needed to get access to a set of extra APIs that are not accessible by the normal Facebook web page executed in the browser.
Maybe the requirement should be rephrased to:
"SHOULD provide secure storage and management of secret information, e.g. server login credentials or API keys."
Regards
Claes - Related Actions Items:
- No related actions
- Related emails:
- Proposed updates to Pending and Raised ISSUES, suggest 'API Requirements and Design Decisions' document (from Frederick.Hirsch@nokia.com on 2011-01-04)
Related notes:
see http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0047.html
and
http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0048.html
and
http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0099.html
Looks this isn't really relevant for our work at this time
Dominique Hazaƫl-Massieux, 25 Aug 2010, 16:17:18Display change log
