Le , Ian Clarke <ian at locut.us> a ?crit : > On Fri, Nov 19, 2010 at 3:22 PM, Matthew Toseland > toad at amphibian.dyndns.org> wrote:
> > What we could do is: > > - either, having several identities tied to an account (so once the > > account is logged in, no need for a password for the identity, just > > choose which one you want to use); so, with this we have a separation > > between the account (1 per real user) and the identities (several per > > real user). > Okay so you log in with a password (and possibly a username), and then > you switch between different identities. > I know, then we can build some kind of system that remembers people's > passwords so that they don't have to use a password - genius! Or, we > simply don't require passwords in the first place. We are supposed to be > making Freenet easier to use, not figuring out new ways to throw > obstacles in people's way. Good point. Without the sarcasm, it would have been even better, but well... So, here is what I propose: right now, we ask for the name of the node's owner in the wizard (do we still do that?). Instead of that, we could ask the user to create a new identity, and ask if they want a password for that identity or not. If the user choose to not have a password, we just log this identity by default. Later on, he can choose to add a password to that identity if he wants to secure it. He can also choose to add new identities, which we then present on a dropdown list on the right of the "menu" (right where we show the identity currently logged in). This identity can have a password too. If it has a password, we encrypt all the information of that identity (bookmarks, messages, and so on). The remaining problem is: how do we integrate the "master" password which encrypts the datastore and so on? One way to do that would be to have separate datastores etc. by identities. We run by default all the things that are required by the identities without password, and only run the things that are required by the secure identities once they're logged in. This means we should have a way to present the users all the identities currently logged in, so he can log out the identities he doesn't want to run. It makes a bit difficult to manage bookmarks if we tie them up with identities (we can display all the bookmarks of the identities logged in, but in case we have several identities, with some of them logged out, it can be a bit difficult to remember which identity store the specific bookmark we want to visit right now), but I don't see another way if we don't use accounts. Is that better? > Ian. > -- > Ian Clarke > CEO, SenseArray > Email: ian at sensearray.com > Ph: +1 512 422 3588 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20101123/8b7df235/attachment.html>
