[Design] [Scooby] Anonymous access to read-write tickets and
security concerns
Mimi Yin
mimi at osafoundation.org
Wed Jul 12 17:26:02 PDT 2006
True, it's not problematic if you assume that the user has created an
account with a username that is separate from their email address.
It is problematic if you auto-generate accounts based on email
addresses (a la Jeremy's proposal).
It's also problematic because one of the design requirements we're
putting forward is that users don't feel like they're creating /
maintaining an account. Jeremy's proposal meets this requirement
because the accounts are auto-generated (although asking users to
pick and remember a password is still problematic).
Mimi
On Jul 12, 2006, at 5:02 PM, Brian Moseley wrote:
> On 7/12/06, Mimi Yin <mimi at osafoundation.org> wrote:
>> because we wouldn't have to solve the workflow problem of
>> coordinating shares sent to different email accounts into a single
>> cosmo account.
>
> why is this a workflow problem?
>
> say i have already created my account with the address
> 'bcm at osafoundation.org'. then somebody shares a collection to me with
> 'bcm at maz.org'. when i click the share url in the email to access the
> calendar, cosmo/scooby asks me to log in. when i log in, cosmo
> associates that email address with my account and takes me to the
> calendar.
>
> say i haven't already created an account. when i click the share url
> in the email, cosmo/scooby asks me to register an account with the
> email address that was used to share to me. i do so and am taken to
> the calendar.
>
> is this really problematic?
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>
> Open Source Applications Foundation "Design" mailing list
> http://lists.osafoundation.org/mailman/listinfo/design
More information about the Design
mailing list