[dokuwiki] Re: [Gsoc] REST ful API alongwith XML/JSON RPC
- From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Sat, 26 Mar 2011 13:39:12 +0100
> Well I just reviewed the XML-RPC implementation and wanted to came up
> with a plan, however, there are some point which should be discussed
> before any further planning.
> i) Security:
>
> -which functionalities are to be protected from anonymous access
You can see this in the current XML-RPC class. If the last parameter
in addCallback is true, anonymous access is granted.
> -which authentication methods should be used? (Cookies? Key-Pair? SSL?
> Sing User Key + host address?)
We currently support HTTP basic auth (if running on mod_php) and
calling the login method + cookies. I think it might be useful to have
a way that API implementations can implement their own way of
authentication, but I'm not sure how this is done best right now. I'd
say let's stay with the current two methods for now.
> -is there necessary to develop an access limit? should it be configurable?
Might be an idea for later on.
> ii) Mediator or module?
> should the generic API simply reflects the functionalities provided by
> core and plugins or should it be a module which is configurable and
> provides more functionality than a simple mediator?
A simple mediator should be enough.
Andi
--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Other related posts:
