1 Dec 2015, 1:52 p.m.
Hi Denis, group,

On Tue, Dec 01, 2015 at 01:23:21PM +0100, denis wrote:
> You now have a situation where updates using the API must be done with a password, updates done with Webupdates must be done with SSO and updates done by email should be done with PGP. So you have actually increased the complexity of the already over complex authorisation model.

This is an excellent summary, I wonder what a good way forward would be. Possibly enable PGP authenticated API access? Or introduce a concept of "API Keys" which a user can tie to an application and for instance restrict which source IP addresses are allowed to use that key?

I welcome your thoughts on this matter

Kind regards,

Job