[Design] [Cosmo] [Proposal] Anonymous login with Ticket + Password

Ed Bindl ebindl1 at osafoundation.org
Mon Aug 21 14:51:33 PDT 2006


> what if, instead of using both a machine-generated, unmemorable ticket
> AND a user-generated, memorable password, we simply let the sharer
> choose the ticket string if he wants, letting the server generate a
> random one as it does today if the sharer doesn't care?
>

While I agree that using both a password and a ticket seems like the
wrong thing to do, the ticket spec
(http://www.sharemation.com/~milele/public/dav/draft-ito-dav-ticket-00.txt) states:

1.2 Ticket ID Scheme

    The only condition imposed on ticket IDs is that the ticket ID MUST
    be unique on a resource at any given time. However, since the ticket
    ID is used as proof that a principal is in possession of the ticket,
    a server SHOULD select a ticket ID scheme such that it would be
    sufficiently difficult for an adversary in a way to guess or predict
    a ticket ID.

Another point that we are not considering is that tickets can be
limited in how long they are valid and how many uses they allow.
This may allow people who are concerned about others passing
along their URL with the ticket enclosed to put a shorter timeout on
the ticket, or possibly to issue only one-time-use tickets (limited-use
tickets are currently not supported by Cosmo).

-Ed
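
An added example, not part of the message above and not Cosmo's code: a minimal in-memory model of the three ticket properties discussed here, a server-generated ID that is hard to guess, a timeout, and a use limit. The `TicketStore` class, its method names and the 128-bit ID length are assumptions made for illustration.

```python
import secrets
import time


class TicketStore:
    """Tickets for one resource (hypothetical model, not the spec's or Cosmo's API)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so expiry can be tested
        self._tickets = {}           # ticket id -> [expires_at, visits_left or None]

    def issue(self, timeout_s, visits=None):
        """Create a ticket valid for timeout_s seconds and `visits` uses (None = unlimited)."""
        if timeout_s <= 0 or (visits is not None and visits < 1):
            raise ValueError("timeout and visits must be positive")
        # 128 bits from the OS CSPRNG: hard to guess or predict, and
        # re-drawn on the (negligible) chance of a collision so the ID
        # stays unique on the resource.
        while True:
            ticket_id = secrets.token_urlsafe(16)
            if ticket_id not in self._tickets:
                break
        self._tickets[ticket_id] = [self._clock() + timeout_s, visits]
        return ticket_id

    def redeem(self, presented):
        """Return True and consume one use if the presented ticket is still valid."""
        entry = self._tickets.get(presented)
        if entry is None:
            return False             # unknown or already exhausted
        expires_at, visits = entry
        if self._clock() >= expires_at:
            del self._tickets[presented]   # expired: forget it
            return False
        if visits is not None:
            if visits <= 1:
                del self._tickets[presented]   # last permitted use
            else:
                entry[1] = visits - 1
        return True


if __name__ == "__main__":
    store = TicketStore()
    one_shot = store.issue(timeout_s=300, visits=1)
    print(store.redeem(one_shot), store.redeem(one_shot))
```

A forwarded URL carrying a one-use or short-lived ticket stops working once the use is spent or the timeout passes, which is the mitigation the message describes.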