On 29 October 2010 10:44, Vega <[email protected]> wrote: > Hmm, I don't see a way how "password reset mechanism" can be outside > of the > authenticated world. Admin should be authenticated into something (DB > at least). >
Sorry, I wasn't very clear. Yes, admins should be authenticated when administering the user database. Any self-password-reset mechanism would need to be unauthenticated (but then rely on some other verification system, like sending an email to a known address). > If you want the most simple wavy password reset mechanism - do it with > agent. > -Invite agent into wave. > -Issue password reset command > -Agent has the access to users accounts, so it can check if the user > is authorized for such action, if so - it resets the password. Cannot > be simpler than that and easy to implement - and still wavy. > I love your passion for implementing things the wavy way! Experience has taught me that it's more complex than you make it out, though. > > On Oct 29, 1:26 am, Alex North <[email protected]> wrote: > > I happen to agree with Vega that hosting profile information in Wave has > > many advantages. However I disagree just on one piece: the login > > information. I do think the username and password need to > > be manageable outside of Wave itself. They provide kind of a minimal > > bootstrapping environment you need. First you get a username and > password, > > then you can log into Wave. > > > > Clearly the password reset mechanism needs to be outside of the > > authenticated world. I think it's simplest to put basic password > management > > (changing your password when you already know it) outside of waves too. > > Building data models in Wave is nice and flexible, but it's a lot of > > overhead for something as basic as login credentials. > > > > In many cases, authentication will be delegated to some other system, > LDAP > > for example. We're just trying to implement something basic for groups > that > > don't have such a system. > > > > On 29 October 2010 05:03, Vega <[email protected]> wrote: > > > > > > > > > The advantage is obvious - you have everything in one place. Another > > > advantage - the Wave environment - it means an option for extension. > > > For example you can create a simple profile wave. Then you (or some > > > 3rd party) can add extension that would import user info from facebook > > > etc... > > > > > On Oct 28, 1:03 pm, x00 <[email protected]> wrote: > > > > Even if you have a gadget, you still need an interface to do the > > > > management. I don't see much advantage of embedding this within a > > > > wavelet. > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Wave Protocol" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]<wave-protocol%[email protected]> > <wave-protocol%2bunsubscr...@goog legroups.com> > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/wave-protocol?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Wave Protocol" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<wave-protocol%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/wave-protocol?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en.
