[cgiapp] Re: what i'd like to be doing: new authn/authz thoughts

Ricardo SIGNES rjbs-perl-cgiapp at lists.manxome.org
Fri Oct 19 19:20:34 EDT 2007


* "A. Pagaltzis" <pagaltzis at gmx.de> [2007-10-19T19:12:10]
> * Ricardo SIGNES <rjbs-perl-cgiapp at lists.manxome.org> [2007-10-19 19:45]:
> > Any other thoughts?
> 
> The default case is you use your OpenID to log into your main
> account. So while you would need to create an account that an
> OpenID gets associated with, you could log in with your OpenID
> alone to access your main account.

Yeah, here's my concern:  I've used some apps that let you "switch identity"
while using them, and I always feel like they become confusing, especially if
"current identity" acts like a hidden parameter to actions.  Especially
especially if you work in multiple windows and end up doing this:

  1. log in; you are now in your primary identity
  2. click to /wishlist/edit and start working
  3. open the page in a second tab or window
  4. in that tab, switch to a secondary identity
  5. click to /wishlist/edit and start working
  6. go back to primary identity and finish editing.  hit save

Let's assume that the form is smart and has enough information in it to save
properly to the correct datastore.

  7. the save is a POST and redirects you to /wishlist/view
  8. /wishlist/view uses 'current identity', so it shows you the list of your
     secondary identity, because you switched your session to it in step 4

So you'll always want something like /wishlist/ID/{view,edit}.  When is
"primary identity" a useful concept, now?

I feel like the better distinction ends up being between resources you own and
resources to which you have been granted permission.  You'll never need to
switch accounts, unless you expressly wish to have things owned by different
owners.

-- 
rjbs
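Added example, not code from the post or from CGI::Application: a small Python model of the two designs rjbs contrasts. reproduce_tab_race() walks steps 1 through 8 with two tabs sharing one session, so the save lands on the right list but the redirect to /wishlist/view shows the secondary identity. ResourceScopedApp is the /wishlist/ID/{view,edit} alternative, where the check is owner-or-granted and no session identity switch exists. All class, route and user names (Session, SessionScopedApp, ResourceScopedApp, "rjbs", "alice", "bob", list ids L1/L2) are illustrative assumptions.

```python
# Added example (not from the list post): modelling a session-scoped
# "current identity" versus resource-addressed routes with an owner/grant
# check. Names and sample data are illustrative, not from any real app.

from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a user may not perform an action on a wishlist."""


@dataclass
class Session:
    """Server-side session; current_identity is the hidden parameter."""
    user: str
    current_identity: str


class SessionScopedApp:
    """/wishlist/view and /wishlist/edit read the identity from the session."""

    def __init__(self, lists):
        self.lists = lists  # identity -> items

    def switch_identity(self, session, identity):
        session.current_identity = identity

    def save(self, session, form_owner, items):
        # The form is "smart": it carries the owner it was opened for, so the
        # save itself lands in the right place ...
        self.lists[form_owner] = list(items)
        # ... but the POST redirects to /wishlist/view, which uses the session.
        return self.view(session)

    def view(self, session):
        ident = session.current_identity
        return ident, list(self.lists[ident])


def reproduce_tab_race():
    """Steps 1-8 from the post, two tabs sharing one session (constructed data)."""
    lists = {"primary": ["old"], "secondary": []}
    app = SessionScopedApp(lists)
    session = Session(user="rjbs", current_identity="primary")   # 1: log in
    form_owner = session.current_identity                         # 2: tab A opens edit
    app.switch_identity(session, "secondary")                     # 3-5: tab B switches
    shown_ident, shown_items = app.save(session, form_owner, ["new"])  # 6-8: save in tab A
    # primary list was updated, yet the page shown is the secondary one
    return lists["primary"], shown_ident, shown_items


class ResourceScopedApp:
    """/wishlist/ID/{view,edit}: the list is named in the URL; the only
    question is whether this user owns it or has been granted the action."""

    def __init__(self, lists, owners, grants):
        self.lists = lists    # list_id -> items
        self.owners = owners  # list_id -> owning user
        self.grants = grants  # (user, list_id) -> set of allowed actions

    def authorize(self, user, list_id, action):
        if list_id not in self.owners:
            raise KeyError(list_id)
        if self.owners[list_id] == user:
            return True  # owners may do anything to their own lists
        return action in self.grants.get((user, list_id), set())

    def view(self, user, list_id):
        if not self.authorize(user, list_id, "view"):
            raise Forbidden(f"{user} may not view {list_id}")
        return list_id, list(self.lists[list_id])

    def save(self, user, list_id, items):
        if not self.authorize(user, list_id, "edit"):
            raise Forbidden(f"{user} may not edit {list_id}")
        self.lists[list_id] = list(items)
        return self.view(user, list_id)  # redirect to /wishlist/ID/view, no session state involved


def demo_resource_scoped():
    """Owner edit, granted view, granted-but-not-edit, and a stranger (constructed data)."""
    lists = {"L1": ["old"], "L2": []}
    owners = {"L1": "rjbs", "L2": "alice"}
    grants = {("rjbs", "L2"): {"view"}}  # alice lets rjbs see, but not edit, L2
    app = ResourceScopedApp(lists, owners, grants)
    results = {"own_edit": app.save("rjbs", "L1", ["new"]),
               "granted_view": app.view("rjbs", "L2")}
    try:
        app.save("rjbs", "L2", ["x"])
        results["granted_edit"] = "allowed"
    except Forbidden:
        results["granted_edit"] = "denied"
    try:
        app.view("bob", "L1")
        results["stranger_view"] = "allowed"
    except Forbidden:
        results["stranger_view"] = "denied"
    return results


if __name__ == "__main__":
    print(reproduce_tab_race())   # (['new'], 'secondary', [])
    print(demo_resource_scoped())
```

The first function shows the hazard is not in the save (the form carried its owner) but in the redirect target, which consults mutable session state that another tab changed. The second function never needs a "primary identity": ownership and grants are properties of the list, so the same account addresses every list it may touch by ID.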