Okay I think out best bet for the money is to start from the bottom and work our way up.
First draft user page should allow the user to manually change their password, and see how many waves they have. Once we have that nailed down then we start looking at things like email reminders and so on. Start simple then build up. James Purser Mob: 0406 576 552 Twitter: purserj Wave: [email protected] On 28/10/2010, at 7:17 PM, Vega <[email protected]> wrote: > There's still no way for admin to verify user identity to avoid scam. > Moreoever, if user can't access her WIAB account, how will she ask > admin for password reset? > Regarding automatic password reset via email - in fact it is a lot > easier than implementing admin privileges logics + UI for admin page. > > What I suggest will work like this: > -User click on password recovery link > -Password recovery form is served where user enters username and > email. If they match WIAB sends POST request to MailHandlerServlet > that is running on other server (with access to mail server). The > request contains the recipient address and message text (with new > password). > -The both sides need to setup OAuth to trust each other. > -MailHandlerServlet (in simplest case - App Engine domain) sends the > requested email to recipient. > > The design is easy and sending email using App Engine mail server is > very easy. The architecture also allows to use other (non App Engine) > mail server as the communication is done via HTTP. It also escapes the > need to user verification. > Regarding user details update - I still think that the best way to do > it is based on WIAB services - like Settings Wave with profile gadget. > > On Oct 28, 8:42 am, Alex North <[email protected]> wrote: >> Good points, thanks for thinking about this. We don't have a design, no. >> >> I think your ideas about email addresses for verification are good, but >> adding email sending to WIAB will be a significant piece of work. Let's >> implement something really simple first, just enough to make WIAB usable. >> >> How about: >> - Some users are admins (add this to the user store). Possibly the first >> user to register is automatically an admin, others are not by default >> - An admin can grant admin access to other users, change passwords, and >> generally create and edit user records >> - User's can't reset their own passwords - they need to ask an admin >> >> I know that's no way to run a production service, but it's enough to get us >> over the hump of being able to admin the user store. >> >> On 28 October 2010 17:34, Vega <[email protected]> wrote: >> >> >> >>> By the way, when you talk about account management for admin - do you >>> have some design? >>> Firstly, in order to think about account management - WIAB should >>> support some notion of privileged accounts. I am not aware of such >>> functionality in WIAB. >>> Secondly, given that there will be functionality to to authorize some >>> user as admin and given that admins would have access to a page that >>> would allow to reset passwords - they still would need some >>> verification mechanism for password reset to avoid scam. Usually it >>> is done by sending email with password to verified email address - but >>> WIAB doesn't have mail server, and doesn't store email addresses or >>> has the functionality to verify email addresses. >> >>> I think the easiest solution for password recovering would be like >>> this: >>> -User will provide email address on registration >>> -WIAB will store the email along with user credentials >>> -Whenever user enters incorrect password - login page will be present >>> a link to password recovery page where the user should enter the >>> registered email. >>> -If username matches the email address, WIAB will automatically reset >>> the password and send it to registered email using Google AppEngine >>> mail server. >> >>> On Oct 28, 1:34 am, Alex North <[email protected]> wrote: >>>> Building features on top of Wave itself is definitely something we like >>> to >>>> do. User profiles, settings, avatars etc fit well here (it's what Google >>>> Wave does too). >> >>>> However I agree with James we probably need some basic infrastructure >>>> outside of waves to bootstrap such a system. Basic password resetting is >>> a >>>> good example, as is some admin functionality like account management. >> >>>> Implementing profile waves is a big task, but password reset and user >>>> management pages sound feasible. Go for it! >> >>>> Alex >> >>>> On 28 October 2010 08:28, Vega <[email protected]> wrote: >> >>>>> I am not sure how much effort would take to support gadgets in WIAB - >>>>> probably not too much. Implementation of admin gadget should not be >>>>> too hard, if needed I can do it. >> >>>>> On Oct 27, 3:31 pm, x00 <[email protected]> wrote: >>>>>> Content management could work through extensions, and ultimately a >>>>>> fully blown wave application framework. But I don't see that as the >>>>>> remit of WIAB at the moment. >> >>>>>> Potentially in the future all content could be float atop of wave >>> like >>>>>> services, bar the infrastructure itself. >> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>> Groups >>>>> "Wave Protocol" group. >>>>> To post to this group, send email to [email protected]. >>>>> To unsubscribe from this group, send email to >>>>> [email protected]<wave-protocol%2bunsubscr...@goog >>>>> legroups.com> >>> <wave-protocol%2bunsubscr...@goog legroups.com> >>>>> . >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/wave-protocol?hl=en. >> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Wave Protocol" group. >>> To post to this group, send email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]<wave-protocol%2bunsubscr...@goog >>> legroups.com> >>> . >>> For more options, visit this group at >>> http://groups.google.com/group/wave-protocol?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Wave Protocol" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/wave-protocol?hl=en. > -- You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en.
