W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: Semi-public resources in Uniform Messaging

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 10 Dec 2009 09:48:30 +0000 (UTC)
To: Tyler Close <tyler.close@gmail.com>
Cc: public-webapps@w3.org
Message-ID: <Pine.LNX.4.62.0912100947160.16061@hixie.dreamhostps.com>
On Wed, 9 Dec 2009, Tyler Close wrote:
> If you're willing to tolerate a little bit of implementation mechanism, 
> I can do you one better on the UI side.

Generally speaking, server-to-server communication is highly undesireable, 
as it requires far more work on all sides.

> From the user's perspective, the UI will be:
>  - User visits site B and says nothing unique to site B.
>  - Users sees his data from site A on site B.
> Meaning the user won't have to start a login session with site A before 
> using site B. They can just go to site B and immediately get full 
> functionality.
> For each user:
> 1. Site B generates an unguessable token and associates it with a user account.
> 2. A page from Site B does an HTML <form> post of the token to Site A.
> 3. Server-side, Site A sends a request to Site B containing the token
> and the corresponding unguessable user feed URL.
> 4. Site B stores the feed URL in the user account.
> 5. From then on, a page from Site B can do a direct GET on the feed
> URL. Steps 1 through 4 are a one-time setup.
> All of the above is invisible to the user. There are no user actions 
> required. The implementation is fairly straightforward and the UI is 
> strictly superior to your ideal UI.

How is the user recognised if he gives nothing unique to site B and 
doesn't login to site A?

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 10 December 2009 09:49:08 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:21 UTC