Luke Tucker wrote:
I completely agree accounts and logins are a big ugly barrier for uptake. We have been doing work in a similar direction, but it's not nearly as clever... basically we're planning on doing the front page as a fully working demo (with sort of tutorial built in) and if you configure something you like you can create an account to save it...
Yeah... it's almost the same, except an account is created for you automatically with a random session ID, and it is automatically persistent. I don't know quite what to call it. It's much more persistent than a session ID. It feels much more random than a typical user ID (though of course many user IDs are generated and not meaningful). Maybe "generated user ID"?
I think this is a very cool idea... An interesting extension of this would be something like generating a URL that you can hand out to a friend that gives them the right to collaborate on your jug, but then also revoke if you feel like it. No login or signup for them either...
Yeah... at first I thought it would be a multiple-generated-user-ID-to-jug relationship. But you can't give a friend a generated user ID, because they might have their own. Also, the link you visit to get back to your saved session I am guessing is just a URL that sets the generated user ID cookie and redirects you to the home of the site, whereas a link you share has to first authenticate you for access, then redirect you to a persistent URL for that jug.
So the sharing itself would be very similar to tadalist, which just used a URL that you could share as widely as you want. I think tadalist just relied on the secrecy of that URL, and the security was based on the persistent URL being to some degree unguessable. Of course the security of a to-do list is not all that important, really. Probably the same could be said of melkjug.
Having a per-user URL is interesting, as it can be passed around kind of like a capability. I remember people discussing URLs-as-capabilities a long time ago, but it kind of fell off the map. Anyway, then when you visit the URL, as association is created from your generated user ID to the jug via that URL, and if someone revokes that URL then all the people who had access based on that URL would have it revoked. This is also handy for cases when people have multiple email addresses that direct to one box, and they aren't sure exactly which email address was given access. I have that problem with Google Docs often. (At this point my Google accounts are a total mess, for which I blame inconsistent Google policies.)
Ian -- Archive: http://www.openplans.org/projects/melkjug/lists/melkjug-development-list/archive/2008/06/1214520304995 To unsubscribe send an email with subject "unsubscribe" to [EMAIL PROTECTED] Please contact [EMAIL PROTECTED] for questions.
