gnuherds-app-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user ID: email vs OpenID vs public/private keys


From: Davi Leal
Subject: Re: user ID: email vs OpenID vs public/private keys
Date: Wed, 18 Apr 2007 20:20:34 +0200
User-agent: KMail/1.9.5

Victor Engmark wrote:
> Antenore Gatta wrote:
> > The drawback is that we need also a user ID reminder.... But it's quite
> > secure.
>
> I think the last remark is the problem. We should ask for only one thing, a
> user name or an email address. I believe the email address is the easiest
> to use, and it seems that most new services on the web agree.

I agree about follow using only one ID, and that being the an email address.

> By the way, we should implement some way to change the email address. For
> that reason, it should not be (part of) the primary key in any of our
> tables (I'm too lazy to check this now).

You can see as the entity identified is E1_Id. So, the entity (person, company 
or non-profit) can change its email just modifying it and saving. The webapp 
check too that when you change your email you are not using one owned by 
other entity. Anyway it would fails at the data base layer due to the UNIQUE 
flag:

        E1_Id              SERIAL PRIMARY KEY,
        E1_Email           varchar(60) UNIQUE CHECK (E1_Email <> ''),

  Ref.: Layer-0__Site_entry_point/doc/GNUHerds__SQL_Implementation.sql


It is not clear that users can change its email?. You just modify and save, as 
in others job sites I use.

> Actually, we could consider OpenID <http://openid.net/> or public / private
> keys. The latter, however, would probably be technically difficult to make
> properly secure, very few end users know how to use them, and it should
> provide some additional value to just password retrieval to make sure
> people register their public keys.

I have added a postponed task to take note of this. Anyway, I think now the 
email is the standard user ID.

   Task: https://savannah.nongnu.org/task/index.php?6782

Davi




reply via email to

[Prev in Thread] Current Thread [Next in Thread]