Open matiasilva opened 3 years ago
I'm a fan of this idea. One possibility is to use OAuth to give out access, and perhaps allow unauthenticated access within the SRCF's internal network, since SRCF users can already access such information on pip.
By converting scripts such as srcf-who to use the API, this would also let us replace database-level access control with an application-level one, which can be more fine-grained.
Project/idea summary
Expose parts of the SRCF membership database for internal use (or potentially external, via authorized tokens) via a standard JSON/XML REST API. In the future, we might choose for this to be fully CRUD, but the UD obviously present risks.
Motivation
It would be nice to have access to the membership base for other SRCF-made or user-made applications via a standard format. For example, LightBlueTent could benefit from having access to member records for importing users. Of course, we should make sure to use granular permissions with different levels of access, and the issuance of tokens would impose strict control on who has access to this data.
Alternatives considered
Accessing directly via psql or a database connection, though there are downsides to this.