- From: Larry Masinter <masinter@adobe.com>
- Date: Sun, 29 Apr 2012 08:08:31 -0700
- To: "www-tag@w3.org" <www-tag@w3.org>
The architecture community group is discussing "how to refer to a user". The purported "w3c way" described doesn't make a lot of sense to me. I think this is a good, realistic use case. Some things to consider in naming users: roles, organizations, pseudonyms A single person can have multiple roles: employee-of-company-A, individual-from-home. - Many people have a "work" and "personal email addres" Are organizations users, or just single individual people? What if a single person has multiple persona, pseudonyms, for privacy or fun? Can Identities merge? Split? Persistence -- do you want a reference to a user to outlast their choice of email providers? What is it that you want to persist? Can a person hand off their user identity ? Authentication -- identifying users is usually only the first step; the next step is determining whether a connection/communication/report comes from the user you want, vs. someone (perhaps maliciously) pretending to be them. Each method usually has some way of testing identity, or letting you delegate authentication to some other system (e.g., emailing someone a password reset token).
Received on Sunday, 29 April 2012 15:09:01 UTC