Person and authentication



Hi,

Last week we discussed a bit how to handle authentication. The current
situation is pretty sucky because even a simple nick change causes a new
person to be created server-wise, so you lose your identity...

Here is a proposal for a simple authentication scheme... really just a
start. I'm trying to keep the UI simple and to not introduce entry
barriers... though I'm not a web security expert so I could be missing
something...

I imagine the following states:

ANON The user watches the conversation but everything editable is
insensitive.

GUEST The user chooses a nick name, he can edit stuff but he will lose
his identity if he loses the cookie containing his person identifier.

REGISTERED The user chooses his user/password (and probably filled in some
more information like real name, email...). Now if he loses his cookies
or is using another browser he can just log in again.

UI-wise, ANON and GUEST status are already implemented. To implement
REGISTERED we could:

- Show a "Register" link in the sidebar when in GUEST status. That will
show a form where the user could choose a u/p and fill in basic
information about himself.
- Show a "Login" link when in ANON status. That would show an
authentication form (enter u/p).
- About nick name conflicts. When a user registers, his current nick
name becomes his user name. This is now taken and cannot be used by
others. Any other nick is free for use...

About the code. I think we should change Person so that the identifier
is the object reference id, not the nick name. (That will also simplify
things a bit by getting rid of .Ref).

When accessing the page GUEST will "authenticate" himself by just
passing the reference id. REGISTERED will authenticate himself by
passing u/p. (I have yet to work out the details here, but I hope it
gives an idea).

As a start I could change the person identifier (from nick to id) and
update the js nick change code so that, instead of creating a new person
every time, it would just change the name of the person (the id would
remain the same).

I hope it makes sense...

Marco
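
The three states and the id-based nick change from the proposal above, as an added sketch that is not part of the original message or the project's code. The `People` class, its method names, the random 256-bit person id used as the cookie value, and the PBKDF2 password hashing are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def hash_pw(password, salt):
    # Assumption: salted PBKDF2-HMAC-SHA256; the proposal does not name a scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class People:
    """Hypothetical in-memory store: persons are keyed by an opaque id, never by nick."""
    def __init__(self):
        self.by_id = {}      # person id -> {"nick", "salt", "pw"}
        self.reserved = {}   # registered user name -> person id

    def _check_free(self, nick, pid=None):
        # A nick is unavailable only if a *different* registered person owns it.
        if self.reserved.get(nick, pid) != pid:
            raise ValueError("nick belongs to a registered user")

    def new_guest(self, nick):
        self._check_free(nick)
        # The id is the guest's only credential, so it must be unguessable
        # and must not be disclosed to other participants.
        pid = secrets.token_urlsafe(32)
        self.by_id[pid] = {"nick": nick, "salt": None, "pw": None}
        return pid           # value to store in the cookie

    def rename(self, pid, nick):
        self._check_free(nick, pid)
        self.by_id[pid]["nick"] = nick   # same person, same id

    def register(self, pid, password):
        person = self.by_id[pid]
        self._check_free(person["nick"], pid)
        salt = secrets.token_bytes(16)
        person.update(salt=salt, pw=hash_pw(password, salt))
        self.reserved[person["nick"]] = pid   # current nick becomes the user name

    def login(self, user, password):
        pid = self.reserved.get(user)
        if pid is None:
            return None
        person = self.by_id[pid]
        ok = hmac.compare_digest(person["pw"], hash_pw(password, person["salt"]))
        return pid if ok else None

    def state(self, cookie_pid):
        person = self.by_id.get(cookie_pid)
        if person is None:
            return "ANON"
        return "REGISTERED" if person["pw"] else "GUEST"
```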



