Re: Online Accounts panel for 3.2

From: David Zeuthen <zeuthen gmail com>
To: Matthew Barnes <mbarnes redhat com>
Cc: desktop-devel-list gnome org
Subject: Re: Online Accounts panel for 3.2
Date: Mon, 2 May 2011 09:14:37 -0400
Hey Matt,

On Thu, Apr 28, 2011 at 2:06 PM, Matthew Barnes <mbarnes redhat com> wrote:
> On Wed, 2011-04-27 at 09:18 -0400, David Zeuthen wrote:
>> First, I think this is such an important area for GNOME that we want
>> to be in control of our own destiny - e.g. I don't think the problem
>> space is well-enough understood that we want to commit to stable APIs
>> or sharing code with others. Not yet. Maybe when all this is better
>> understood we can start moving things to freedesktop.org and sharing
>> interfaces with e.g. KDE, Qt or whatever. But I really don't think
>> that we are there yet (we've seen with e.g. org.fd.Notifications what
>> mess it can be if you standardize early).
>
> I agree, but for the the time being I view GOA integration as an
> optional add-on enhancement for Evolution, similar to how we use
> NetworkManager.
>
> We have a lot of users that run other desktops and I'd like to keep Evo
> fully functional in the absence of an OnlineAccounts service, and thus
> avoid any hard dependencies.
>
> Is that inline with what you had intended for this service: as something
> for applications to opt into?  Thunderbird, for example, could opt in
> with their own GOA add-on just as easily as Evolution.

Right - I think it's fine to have GOA as an optional dependency of
Evolution. Realistically, I think most distros are going to build it
with GOA support so it will probably pull in libgoa-1.0.so - but the
dependency on the packages containing goa-daemon(8) could be optional.
Or the app could speak D-Bus directly if it wants.

>
>
>> On dependencies: we are trying hard to move away from libdbus-1 and
>> libdbus-glib-1 towards GDBus. We also don't want any deps (run-time or
>> otherwise) on Qt or e.g. cryptsetup or dm-luks. We also really should
>> be using the platform keyring API (e.g. gnome-keyring) whenever
>> possible.
>
> How and when will you be using gnome-keyring (or I guess technically the
> "org.freedesktop.secrets" service)?  What kind of meta-data schema will
> the keyring entries use, so that E-D-S might find and reuse them?
>
> Otherwise, the D-Bus API you proposed sounds pretty easy to wire up to
> what we have (or will have), if I'm understanding all this correctly.
> I'm happy with what I've seen so far.

The fact that goa-daemon is using gnome-keyring is something I want to
keep as a private implementation detail. The reason is that we're not
just storing passwords - we're storing tokens and exactly what tokens
and how many per account depends on the access-control framework used.
There's also caching (access tokens typically have finite life and
needs to be refreshed) and locking (multiple apps might request a
token at the same time) involved so we just cannot hand out access to
apps like that. And the daemon is also showing notifications if the
user needs to be involved.

Basically, GOA is designed so the app won't need to worry about any of
this - the app can simply get the credentials from GOA and do its
thing. And if the credential doesn't work (suppose the user revoked
access [1]), then the app doesn't need to do much because GOA will
already have notified the user (through a notification and a red error
icon in the control panel) and whenever the user takes action to
rectify the problem, the app will get notified by a D-Bus signal.

The workflow in an app (such as Evo) would be like this

 accounts = goa.get_accounts_of_type('mail')
 for a in accounts:
   if a is OAuthBased:
     (oauth_access_token, oauth_access_token_secret) =
a.OAuthBased.GetAccessToken()
   elif a is OAuth2Based:
     oauth2_access_token = a.OAuthBased2.GetAccessToken()
   elif ...

   if a is GoogleAccount:
     use API from http://code.google.com/apis/gmail/
     with one of the credentials you got above
   elif a is YahooAccount
     use API from http://developer.yahoo.com/mail/
     with one of the credentials you got above
   elif ...

For example, for GMail, you can use the OAuth token when
authenticating the IMAP and SMTP connection cf.
http://code.google.com/apis/gmail/oauth/

I'm hoping to have something more concrete (a real release!) ready by
the end of this week or next.

Thanks,
David

[1] : see the video I posted here

 http://davidz25.blogspot.com/2011/04/gnome-online-accounts.html
Follow-Ups:
- Re: Online Accounts panel for 3.2
  - From: Matthew Barnes
- Re: Online Accounts panel for 3.2
  - From: Will Thompson
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]