https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004
Martin Renvoize <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |martin.renvoize@ptfs-europe.com

--- Comment #21 from Martin Renvoize <[email protected]> ---
I don't like this much..

We're in-explicitly mixing Authentication (Are you who you say you are) and Authorization (What can this person/application on behalf of person do).

At the very least I believe these functions should be made distinct to prevent leaking security context.

The second reason I don't like this is that we're inventing our own wheel. There are lots of solid standards out there to do this sort of thing. We should really be leaning on the shoulders of giants and using an off the shelf standard. OAuth and OpenID Connect would be my preferred option personally.
