[Design] [Cosmo] [Proposal] Anonymous login with Ticket + Password

[Matthew Eernisse]

Brian Moseley wrote:
> we had this argument a couple months ago bro ;)

Hmm, I distinctly remember trying that 'we already had this argument' 
thing on you before. Didn't have much effect on you, if memory serves. 
:) Seems like whatever discussion y'all had before didn't settle the 
issue, or we wouldn't be talking about it again. Apologies though for 
not following it closely the last time around.

I'm simply saying that single-click easy access to a calendar (including 
full write privileges), without also providing users a straightforward 
way to lock it down, is a huge, obvious security hole. And when bad 
things happen to users' shared calendars, it will give us a black eye.

I understand that it adds a lot of extra complexity to the security 
model. It just seems like the ability to password-protect stuff (i.e., 
provide an obvious way to use something distinctly different from the 
URL) is a pretty fundamental facility to expect for anything Web-based.


M.