- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 10 Dec 2009 09:48:30 +0000 (UTC)
- To: Tyler Close <tyler.close@gmail.com>
- Cc: public-webapps@w3.org
On Wed, 9 Dec 2009, Tyler Close wrote:
>
> If you're willing to tolerate a little bit of implementation mechanism,
> I can do you one better on the UI side.

Generally speaking, server-to-server communication is highly undesirable, as it requires far more work on all sides.

> From the user's perspective, the UI will be:
>
> - User visits site B and says nothing unique to site B.
> - User sees his data from site A on site B.
>
> Meaning the user won't have to start a login session with site A before
> using site B. They can just go to site B and immediately get full
> functionality.
>
> For each user:
> 1. Site B generates an unguessable token and associates it with a user account.
> 2. A page from Site B does an HTML <form> post of the token to Site A.
> 3. Server-side, Site A sends a request to Site B containing the token
> and the corresponding unguessable user feed URL.
> 4. Site B stores the feed URL in the user account.
> 5. From then on, a page from Site B can do a direct GET on the feed
> URL. Steps 1 through 4 are a one-time setup.
>
> All of the above is invisible to the user. There are no user actions
> required. The implementation is fairly straightforward and the UI is
> strictly superior to your ideal UI.

How is the user recognised if he gives nothing unique to site B and doesn't login to site A?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 10 December 2009 09:49:08 UTC
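
The five quoted setup steps, modelled in memory as an added example (not code from either participant in this thread). The class and method names and the `a.example` host are hypothetical, and the `session_user` argument is an assumption: the message does not say how Site A knows which user a form post belongs to, which is the gap the closing question asks about.

```python
import secrets


class SiteA:
    """Serves each user's data at an unguessable feed URL."""

    def __init__(self):
        self.feed_url_by_user = {}   # Site A user -> feed URL
        self.data_by_feed_url = {}   # feed URL -> data

    def add_user(self, user, data):
        # a.example is a constructed host name for this example.
        url = "https://a.example/feed/" + secrets.token_urlsafe(32)
        self.feed_url_by_user[user] = url
        self.data_by_feed_url[url] = data

    def receive_form_post(self, token, session_user, site_b):
        # ASSUMPTION: session_user is whoever Site A recognises as the sender
        # of the form post (None if nobody); the message leaves this open.
        url = self.feed_url_by_user.get(session_user)
        if url is None:
            return False
        return site_b.receive_callback(token, url)   # step 3, server to server

    def get_feed(self, url):
        return self.data_by_feed_url.get(url)        # the URL alone authorises


class SiteB:
    def __init__(self):
        self.pending = {}    # issued token -> Site B account awaiting callback
        self.feed_url = {}   # Site B account -> stored feed URL

    def start_setup(self, account):
        token = secrets.token_urlsafe(32)            # step 1
        self.pending[token] = account
        return token                                 # step 2: form-posted to A

    def receive_callback(self, token, feed_url):
        account = self.pending.pop(token, None)      # unknown or reused: reject
        if account is None:
            return False
        self.feed_url[account] = feed_url            # step 4
        return True

    def show_data(self, account, site_a):
        url = self.feed_url.get(account)             # step 5: direct GET
        return site_a.get_feed(url) if url else None


def run_setup(site_a, site_b, account, session_user):
    token = site_b.start_setup(account)
    return site_a.receive_form_post(token, session_user, site_b)
```

In this model, setup completes only when `session_user` names a user Site A already knows; with `None` the callback is never sent and Site B has no feed URL to fetch.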