On Wed, 9 Dec 2009, Tyler Close wrote: > > If you're willing to tolerate a little bit of implementation mechanism, > I can do you one better on the UI side.
Generally speaking, server-to-server communication is highly undesireable, as it requires far more work on all sides. > From the user's perspective, the UI will be: > > - User visits site B and says nothing unique to site B. > - Users sees his data from site A on site B. > > Meaning the user won't have to start a login session with site A before > using site B. They can just go to site B and immediately get full > functionality. > > For each user: > 1. Site B generates an unguessable token and associates it with a user > account. > 2. A page from Site B does an HTML <form> post of the token to Site A. > 3. Server-side, Site A sends a request to Site B containing the token > and the corresponding unguessable user feed URL. > 4. Site B stores the feed URL in the user account. > 5. From then on, a page from Site B can do a direct GET on the feed > URL. Steps 1 through 4 are a one-time setup. > > All of the above is invisible to the user. There are no user actions > required. The implementation is fairly straightforward and the UI is > strictly superior to your ideal UI. How is the user recognised if he gives nothing unique to site B and doesn't login to site A? -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
