Cryptos are not anonymous. A currency based on an open publicly negotiated and independently verifiable transaction ledger is antithetical to anonymity.

This digital euro is specifically about having a single eminent control and track your money even at rest - something Visa and Mastercard would gladly sacrifices a population of a medium sized country to achieve.

G-d, how the hell is “mastercard and visa are monopolies” used as a reasoning for surveillance currency?

Have Danes been visiting ECB lately?

However you like, REST doesn’t dictate anything there. Just be consistent and use hypermedia.

JSON APIs almost never follow REST because they almost never use JSON as hypertext. Worse, no complete stable hypertext JSON standard exists. There’s JSON-HAL, but it lacks a way to represent resource templates (think HTML’s <form>).

Therefore, with JSON APIs ignoring one of the most basic idea behind REST, why would anyone expect them to follow another idea of REST - consistency?

REST is a deceptively simple concept. Any time you build an HTML website a human can navigate without consulting documentation, you’re doing it better than vast majority of swagger documented corporate APIs.

JSON API almost always means “not REST”. In other words, it works as intended.

I can’t muster any sarcasm out of sheer disappointment. You win this time…

No, my argument is that Russia’s and Russians’ actions are consistent across multiple statehoods and governments, making any attempt at redeeming them by shifting blame to a specific government an example of mental gymnastics.

Only actual attempts at taking responsibility for what Russia has been doing should count. And frankly, those Russians that do take responsibility—many of whom already got disappeared—will get erased from history and from possible future definition of „Russia” if Russia is not taken seriously to be your enemy here and now.

When UK refuses to return the riches they stole, we just say it like that.

When Belgia refuse to acknowledge genocide in Congo, we just say it.

When we talk about France losing colonial wars in Vietnam and Algeria, we say it.

When Israel starves an entire population in openly advertised genocide, we say it.

When we talk about Japanese massacres in China, we just say it.

When we talk about Chinese genocide of Uighurs, we just say it.

When Canada systematically oppresses indigenous population, we just say it.

But when Russia commits genocide and openly promises hellfire on the heads of those who would resist, don’t we dare say it!

This is pure mental gymnastics.

The fact that you straight ignored the core of my argument doesn’t add it any credibility either.

Russian mafia regime is Russia. Both its genocidal conquest policies and the tradition of subservience to a central authority predate the word “россия” and are consistent across governments and states.

The idea that wars of conquest and genocide Russia throws itself in since before we formulated the definition of a word „genocide” are somehow not about Russia would be the winner of every mental gymnastics competition for years to come.

I’d probably add that for something like nextcloud granted scopes can be an „orthogonal”–for the lack of a better word–subset of requested scopes.

The set of requestable scopes has to be defined by the system itself, not its specific configuration. E.g. „files:manage”, „talk:manage”, „mail:read” are all general capabilities the system offers.

However, as a user I can have a local configuration that adds granularity to the grants I issue. E.g.: „files:manage in specific folders” or „mail:read for specific domains or groups only” are user trust statements that fit into the capability matrix but add an additional and preferably invisible layer of access control.

It’s a fairly rare feature in the wild and is a potential UX pitfall, but it can be useful as an advanced option on the grant page, or as a separate access control for issued grants.

https://oauth.net/articles/authentication/

That aside, why is nextcloud asking for scopes from remote API in the diagram? What is drawn on the diagram has little to do with OAuth scopes, but rather looks like an attempt to wrap ACL repository access into a new vocabulary.

Scopes issued by the OAuth authorization server can be hidden entirely. The issuer doesn’t hold any obligation to share them with authorized party since they are dedicated for internal use and can be propagated via invisible or opaque means.

I really can’t figure out what’s going on with that diagram.

As a Ruby fan having a blast with Elixir, where the hell is anything BEAM related?

The compass is truly political.