I am not sure this should be priority. There are still a few nasty bugs
lurking out there in the code. I suggest - let's focus on spotting and
solving bugs. Address changing and aliases can wait imho.
2011/3/24 Daniel Danilatos danila...@google.com
The issue is that in practice, names *do* in fact get recycled by
not-so-careful admins. On rare occasions it may even be the right
thing to do - it's up to the administrators to make a judgement call.
There is a difference regarding what we've been dealing with for
years. If I delete an email account and recreate the same email
address, the new user doesn't have access to the old user's emails.
But waves are shared objects, they're not stored in a user's account,
and they may not even be stored on the same server due to federation.
So by taking over the address, I now might have access to the previous
user's personal correspondences.
Adding an opaque id doesn't solve the general confusion that might
happen if a new person takes over an address, but it does solve the
more serious issue of giving access to someone else's data.
As an aside, this might also allow us to implement a relatively
painless way for a user to change their address, or to implement
aliases.
Dan
Στις 24 Μαρτίου 2011 9:59 π.μ., ο χρήστης James Purser
jamesrpur...@gmail.com έγραψε:
On Wed, Mar 23, 2011 at 9:35 PM, Daniel Danilatos danila...@google.com
wrote:
Currently, ParticipantId contains an email address. This is not a
stable long term identifier for a user, and can cause problems. For
example, let's say Bob Smith b...@example.com leaves the
organisation, and then someone else Bob Jones takes over the same
address b...@example.com. Jones could then potentially gain access to
Smith's waves.
The problem is that any identifier needs to be human readable. The
blah@blahapproach that has been borrowed from email actually works
quite well. In
terms of dealing with naming collisions, people have been dealing with it
for many years now in email, IM and other fields. For instance in your
example above, if there was an existing b...@example.com for Bob Jones
and
Bob Smith comes along, Mr Smith would simply be given
bob.sm...@example.com
or some other variation on the name.
Generally I think we should leave this bit up to the admins who, being
used
to sorting this out will no doubt already have naming conventions for
their
users (Generally 2, one they use publically and one they use privately).
--
James Purser
Collaborynth
http://collaborynth.com.au
Mob: +61 406 576 553
Wave: ja...@collaborynth.com.au