Whether it's called 'password' or 'ticket' seems to me less important
than the idea of of whether or not it's included as part of the URL.
Providing full-write access to a shared calendar from a single click on
a URL is problematic for all the obvious reasons, and we should at least
present people with a straightforward way of doing things more securely.
In a fairly easy-to-imagine use-case, the 'owner' of the calendar could
e-mail around the URL, but then phone people up and give them the
password. IMO, whatever mechanism we use should facilitate that kind of
use easily and intuitively -- i.e., it should be built into the
workflow, and should not require non-obvious techniques like extra
copy-pasting or removing things out of the URL to get a 'secure calendar.'
Matthew
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Design" mailing list
http://lists.osafoundation.org/mailman/listinfo/design
