Re: [Design] [Cosmo] [Proposal] Anonymous login with Ticket + Password

[Mimi Yin]

Correct me if I'm wrong Matthew, but I think you are making a separate point.  The point here is that users don't see a difference between URLs and URLS with embedded tickets. Which means that if we're going to provide additional security, we need to do it in a way that is out-of-band, as in not embedded in the URL. And if we do it in a way that is not embedded in the URL (ie. a password), it needs to be human-readable, easy to remember and easy to type.  Sorry, just repeating myself. But I think there are a couple of key misunderstandings that's preventing us from having a shared understanding of what the user problem we're trying to solve is. Mimi PS BCM and Ed, I think if I had a better understanding of why this complicates thing on the engineering side, I could think more creatively about how to meet design requirements in a way that is simple and easy to implement. So to repeat myself again ;o) Why is this proposal complicated to implement on the server end? Mimi On Aug 21, 2006, at 3:23 PM, Brian Moseley wrote: On 8/21/06, Matthew Eernisse <[EMAIL PROTECTED]> wrote: Whether it's called 'password' or 'ticket' seems to me less important than the idea of of whether or not it's included as part of the URL. Providing full-write access to a shared calendar from a single click on a URL is problematic for all the obvious reasons, and we should at least present people with a straightforward way of doing things more securely. we had this argument a couple months ago bro ;) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Open Source Applications Foundation "Design" mailing list http://lists.osafoundation.org/mailman/listinfo/design

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Open Source Applications Foundation "Design" mailing list
http://lists.osafoundation.org/mailman/listinfo/design