I am not sure this should be priority. There are still a few nasty bugs lurking out there in the code. I suggest - let's focus on spotting and solving bugs. Address changing and aliases can wait imho.
2011/3/24 Daniel Danilatos <danila...@google.com> > The issue is that in practice, names *do* in fact get recycled by > not-so-careful admins. On rare occasions it may even be the right > thing to do - it's up to the administrators to make a judgement call. > > There is a difference regarding what we've been dealing with for > years. If I delete an email account and recreate the same email > address, the new user doesn't have access to the old user's emails. > But waves are shared objects, they're not stored in a user's account, > and they may not even be stored on the same server due to federation. > So by taking over the address, I now might have access to the previous > user's personal correspondences. > > Adding an opaque id doesn't solve the general confusion that might > happen if a new person takes over an address, but it does solve the > more serious issue of giving access to someone else's data. > > As an aside, this might also allow us to implement a relatively > painless way for a user to change their address, or to implement > aliases. > > Dan > > Στις 24 Μαρτίου 2011 9:59 π.μ., ο χρήστης James Purser > <jamesrpur...@gmail.com> έγραψε: > > On Wed, Mar 23, 2011 at 9:35 PM, Daniel Danilatos <danila...@google.com > >wrote: > > > >> Currently, ParticipantId contains an email address. This is not a > >> stable long term identifier for a user, and can cause problems. For > >> example, let's say "Bob Smith" b...@example.com leaves the > >> organisation, and then someone else "Bob Jones" takes over the same > >> address b...@example.com. Jones could then potentially gain access to > >> Smith's waves. > >> > > > > The problem is that any identifier needs to be human readable. The > > blah@blahapproach that has been borrowed from email actually works > > quite well. In > > terms of dealing with naming collisions, people have been dealing with it > > for many years now in email, IM and other fields. For instance in your > > example above, if there was an existing "b...@example.com" for Bob Jones > and > > Bob Smith comes along, Mr Smith would simply be given " > bob.sm...@example.com" > > or some other variation on the name. > > > > Generally I think we should leave this bit up to the admins who, being > used > > to sorting this out will no doubt already have naming conventions for > their > > users (Generally 2, one they use publically and one they use privately). > > > > -- > > James Purser > > Collaborynth > > http://collaborynth.com.au > > Mob: +61 406 576 553 > > Wave: ja...@collaborynth.com.au > > >
