[Cosmo] usefulness of usernames
lisa at osafoundation.org
Mon Sep 26 14:01:17 PDT 2005
I also worry that even if you can't search or list the set of user
collections to harvest email addresses, those URLs will leak out and
reveal email addresses more often. There's a use case for somebody like
Mitch who might be willing to have his calendar be publicly readable
(or at least his free-busy time) and share that URL widely, but might
be more concerned about having email address be private.
Of course for me, since my email appears in hundreds of places
including every internet-draft I've ever written and most working group
mailing lists, I just don't care. But that's just me :)
What about the tie-in between login and URL though? just because
somebody logs in with their email address (or using a federated
identity system) doesn't mean that their calendar URL has to have their
login. It's not quite the same thing, but I'm reminded of blog sites
where my login is distinct from my blog name -- my login doesn't appear
in the blog URL.
On Sep 26, 2005, at 12:42 PM, Heikki Toivonen wrote:
> Brian Moseley wrote:
>> anyway, the two do seem redundant, and i wonder if we can't get rid of
>> username altogether, using email address only to partition the
>> repository for user storage and to (along with passwords) authenticate
>> does anybody have thoughts either way?
> Having the email address be the login name can confuse some users so
> that they think cosmo and their email server share the same user
> database. These people will be surprised when they change their
> for one system and expect to be able to login with that password to the
> other system.
> Also, more people will almost certainly use the same password for these
> two different systems (even if they understand they do not
> share the same user database), which obviously exposes more of their
> information in case one password is exposed.
> Heikki Toivonen
> Cosmo mailing list
> Cosmo at osafoundation.org
More information about the Cosmo