I was having some discussions on the user validation aspect of lists
the other day, and with the growing prevalence of web-based
subscription interfaces, we got into a talk about ways to move the
validation out of the list server and into the web -- while still
keeping the security of the mailback validation.
The idea that came up, which I really like, is to move the
"authorization" token out of the e-mail space and into the web space.
Instead of sending an auth string a user has to send back in a way the
list server can process, you send the user a URL, which points in some
customized way back to your web site. The web site can then verify the
token and data, and use the admin password or whatever to sneak behind
the standard list server mailback authorization.
I'm not suggesting replacing the current majordomo (or whatever)
schemes, but supplement them -- so that users already working the list
via the web can authorize via the web, but not until after they receive
the URL via e-mail. Since clicking a URL in an e-mail client is a bit
better handled technologically, and users are more likely to understand
how to use a URL than an authorization string (since it uses a standard
format), it's a way to help reduce user confusion by simplifying the
user interface some more.
Not something I'm actively pushing or promotion (although a vendor I'm
working with is already implementing it in their system....) -- but I
think the idea has promise, so I'm tossing it out, in case others look
at it and go "yeah. Maybe if we..." and run with it.
Might be something Bill might consider for MajorCool, or someone else
might find handy for something they're working on... I might look at it
down the road, but I know I won't get to it for a while, so I figured
it'd do no harm to bring it up and see if someone else might want to
play with it...
chuq
--
Chuq Von Rospach (Hockey fan? <http://www.plaidworks.com/hockey/>)
Apple Mail List Gnome (mailto:[EMAIL PROTECTED])
Plaidworks Consulting (mailto:[EMAIL PROTECTED])
<http://www.plaidworks.com/> + <http://www.lists.apple.com/>
