I'm working on an a GAE application where the front end will be embedded into a hardware device. To keep things simple we were going to have the user log in using their Google account. This account is stored in the device since the device operates without the user present. Another example of a device like this is Internet TVs. If you want to use YouTube from a Samsung TV it stores your Google login.
Storing the account data introduces a potential security hole. These devices are connected to the Internet and they are vulnerable to getting hacked. Limited capability Google sub-accounts could control this security risk. For example gmail already allows '+' in your login name. 'jonsmirl' and 'jonsmirl+tv' both map to the same account. I'd like to be able to make a sub-account like 'jonsmirl+tv' and only let it have access to playing my YouTube videos and nothing else - no YouTube upload, delete, no gmail, etc. Another example - a security camera with post only access to YouTube. If someone steals the camera they won't be able to get to the video. Or a medical device uploading data via a cell phone, etc.. In my current situation I only want the sub-account to be able to access GAE (no gmail access). But I still want my main account to be able to access all of Google. My main account is going to be used to look at the data being uploaded into GAE. These sub-accounts would have separate passwords. You could make them long and complicated since they will be embedded into hardware. Now if the hardware is compromised the damage is contained. Use the main account to change the password and you are ok (except for any damage done). You have to allow for this hardware being hacked, lost, stolen, etc and the credentials being inside it. I can work around this by have the user create a separate Google account. I can then link the data arriving on this account to their main account. But this pollutes the Google account namespace and it is hard for the user to keep track of. Sub-accounts are a much nicer option. -- Jon Smirl [email protected] -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
