[Design] [Cosmo] [Proposal] Anonymous login with Ticket + Password

[Mimi Yin]

Correct me if I'm wrong Matthew, but I think you are making a  
separate point.

The point here is that users don't see a difference between URLs and  
URLS with embedded tickets.

Which means that if we're going to provide additional security, we  
need to do it in a way that is out-of-band, as in not embedded in the  
URL.

And if we do it in a way that is not embedded in the URL (ie. a  
password), it needs to be human-readable, easy to remember and easy  
to type.

Sorry, just repeating myself. But I think there are a couple of key  
misunderstandings that's preventing us from having a shared  
understanding of what the user problem we're trying to solve is.

Mimi

PS BCM and Ed, I think if I had a better understanding of why this  
complicates thing on the engineering side, I could think more  
creatively about how to meet design requirements in a way that is  
simple and easy to implement.

So to repeat myself again ;o) Why is this proposal complicated to  
implement on the server end?

Mimi

On Aug 21, 2006, at 3:23 PM, Brian Moseley wrote:

> On 8/21/06, Matthew Eernisse <mde at osafoundation.org> wrote:
>> Whether it's called 'password' or 'ticket' seems to me less important
>> than the idea of of whether or not it's included as part of the URL.
>> Providing full-write access to a shared calendar from a single  
>> click on
>> a URL is problematic for all the obvious reasons, and we should at  
>> least
>> present people with a straightforward way of doing things more  
>> securely.
>
> we had this argument a couple months ago bro ;)
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>
> Open Source Applications Foundation "Design" mailing list
> http://lists.osafoundation.org/mailman/listinfo/design

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osafoundation.org/pipermail/design/attachments/20060821/ec28ad56/attachment.htm