Chuck Esterbrook <[EMAIL PROTECTED]> wrote: > >The idea behind externalId is that you could safely use it externally to >refer to a user. Safely means that 1. it would be hard for someone to guess >(and therefore impersonate another user) and 2. would not reveal private >information about the user. This basically means an opaque, lengthy >randomized id. I believe UserKit already provides that.
And we're not even really considering applications where one might want to refer to person identities in forms, for example, where the standard personal identifier is deemed sensitive even though there's little scope for impersonation using that identifier within the application. I worked on an application, once, where we had to "mask" organsiation-wide personal identifiers in order to obscure such information. Of course, it would have been possible to "crack" the obscuring mechanism and start getting real identifiers, but given the principally political motivation for this "security" it was enough to just not include such identifiers "bare" in HTML form elements (albeit hidden ones). I think the political powers knew that personal identifiers were fairly useless on their own anyway, but people do get on their soapbox about such things fairly easily in highly political organisations. Paul P.S. It's nice to see UserKit getting some attention! -- Get your firstname@lastname email for FREE at http://Nameplanet.com/?su _______________________________________________ Webware-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-devel
