W3C home > Mailing lists > Public > www-tag@w3.org > February 2010

RE: ACTION-278 Hiding metadata for security reasons

From: Larry Masinter <masinter@adobe.com>
Date: Sat, 6 Feb 2010 08:57:00 -0800
To: Jonathan Rees <jar@creativecommons.org>, "www-tag@w3.org" <www-tag@w3.org>
CC: Tyler Close <tyler.close@gmail.com>, "Mark S. Miller" <erights@google.com>
Message-ID: <C68CB012D9182D408CED7B884F441D4D7372D9@nambxv01a.corp.adobe.com>
Design 3:

   1. The user is subscribed message to a mailing list.
      There is a "subscription password"; the user can pick it
      when subscribing or the system can generate one.
   2. The list processing software sends an email message to the user,
      providing advice that the user may unsubscribe from the list, and
      including a link to an unsubscribe confirmation page; the link
      also fills in the user name (but not the password).
   3. The unsubscribe page lets you enter in the password. If
       you don't remember or never had the password, there is a
       "send me my password" link, which will email the password
      to your email address.
   4. The user follows the link to the confirmation page, and finds a
      form with an input field requesting the password 
      and a button to "[Confirm] your unsubscription". The
      form is to be submitted with method="POST".
   5. The user types in the password from memory or
      copies the password from the password email message and pastes
      it into the password field, and activates the [Confirm] form
      control.
   6. The list processing software confirms the unsubscription and
      removes the user from the list.


This is the usage pattern in many email lists.

Larry

Received on Saturday, 6 February 2010 16:57:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:19 GMT