[Design] [Cosmo] [Proposal] Anonymous login with Ticket + Password
mde at osafoundation.org
Mon Aug 21 16:02:23 PDT 2006
Brian Moseley wrote:
> we had this argument a couple months ago bro ;)
Hmm, I distinctly remember trying that 'we already had this argument'
thing on you before. Didn't have much effect on you, if memory serves.
:) Seems like whatever discussion y'all had before didn't settle the
issue, or we wouldn't be talking about it again. Apologies though for
not following it closely the last time around.
I'm simply saying that single-click easy access to a calendar (including
full write privileges), without also providing users a straightforward
way to lock it down, is a huge, obvious security hole. And when bad
things happen to users' shared calendars, it will give us a black eye.
I understand that it adds a lot of extra complexity to the security
model. It just seems like the ability to password-protect stuff (i.e.,
provide an obvious way to use something distinctly different from the
URL) is a pretty fundamental facility to expect for anything Web-based.
More information about the Design