On Wed, Sep 1, 2010 at 6:42 AM, Magnus <[email protected]> wrote:
> Hi Thomas, > > I have thought about this the whole day now and it really sounds > interesting to me to give it a try with external login, but - if I > understood you right - I see a big disatvantage: > > Many applications are not or should not be usable at all when the user > is not logged in. But there are also applications that should be > usable (in a limited way) without login. > > Consider eBay: You can search and browse as nobody, but if you want to > sell, you have to sign in. Or consider a chess application: You can > watch everything, but if you want to create a new game, you have to > sign in first. Consider a forum: You can read a lot, but not > everything, but after you login, you can read everything and also > write. > > So my problem is that with your method I had to lock out all guest > users that just want to come and see what is going on there! > > For now, I am not sure if I understood you right. In addition I am > thinking about a "dummy user" to let guests come into my application, > but I am not sure if this is a solution. > > What do you think about this? > You're on the right track. Consider separating authentication (who are you) from authorization (what can you do). You have a /guest/ role along side a /user/ role. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
