You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The original Datakick API allowed any client - authenticated or not - to add or update items.
This creates risk, as bad-faith third parties could easily pollute the database with poor quality - or incorrect - data.
We don't want to block read access for anyone, but we probably need to have some control over incoming data.
Proposal 1: Writing to the database requires authentication
In this model reading is open but writing back to the database requires some kind of authentication - either as a logged in user in the HTML interface or using some kind of token system when accessing via the API.
This requires a decision on type of token. The standards-based JSON Web Tokens are probably the preferred option. An alternative is a simple access key / secret pair. These are less secure, but possibly easier for library authors to use.
Proposal 2: Changes to the database require validation
In this model any user - authenticated or not - can make changes, but those changes remain in an "unvalidated" state until an authenticated user (or some automated process) marks them as valid.
The review process for changes would require community involvement, though we could use feedback from the manual process to train an AI system (TensorFlow or the like) - moving towards a more automated review process.
Either proposal probably also requires a mechanism to report exisiting bad data. Again, this could be used to train an AI system and help it spot bad data.
The text was updated successfully, but these errors were encountered:
Background
The original Datakick API allowed any client - authenticated or not - to add or update items.
This creates risk, as bad-faith third parties could easily pollute the database with poor quality - or incorrect - data.
We don't want to block read access for anyone, but we probably need to have some control over incoming data.
Proposal 1: Writing to the database requires authentication
In this model reading is open but writing back to the database requires some kind of authentication - either as a logged in user in the HTML interface or using some kind of token system when accessing via the API.
This requires a decision on type of token. The standards-based JSON Web Tokens are probably the preferred option. An alternative is a simple access key / secret pair. These are less secure, but possibly easier for library authors to use.
Proposal 2: Changes to the database require validation
In this model any user - authenticated or not - can make changes, but those changes remain in an "unvalidated" state until an authenticated user (or some automated process) marks them as valid.
The review process for changes would require community involvement, though we could use feedback from the manual process to train an AI system (TensorFlow or the like) - moving towards a more automated review process.
Either proposal probably also requires a mechanism to report exisiting bad data. Again, this could be used to train an AI system and help it spot bad data.
The text was updated successfully, but these errors were encountered: